MADELEINE  ALBRIGHT  ON  COMMUNICATION  &  NEGOTIATION 
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Make  a  name  for  yourself 
with  Windows  Server  System. 
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Windows 
Server  System 


Microsoft 

Your  potential.  Our  passion .  " 


Microsoft  Windows  Server  System  makes  it  easier  for 
golf  club  maker  PING  to  manage  the  infrastructure 
serving  their  400  end  users.  Here's  how:  By  using 
Windows  Server  2003  with  Active  Directory,®  PING 
now  centrally  manages  all  its  servers,  desktops, 
and  end  users  from  one  location.  This  cut  annual 
administrative  time  by  800  hours.  Time  that  can  now 
be  spent  developing  new  ways  to  support  customers, 
partners,  and  employees.  Software  that's  easier  to 
manage  is  software  that  helps  you  do  more  with  less. 
Get  the  full  PING  story  at  microsoft.com/wssystem 


"Instead  of  putting  out  fires,  we  now  focus 
on  ways  we  can  deploy  new  technologies 
that  benefit  our  customer  service." 

Dave  Chacon 

Manager,  Technical  Services,  PING 


Windows  Server  System™  includes: 


Server  OS 

Windows  Server™ 

Operations  Infrastructure 

Systems  Management  Server 

Operations  Manager 

Internet  Security  &  Acceleration  Server 

Windows6  Storage  Server 

Application  Infrastructure 

SQL  Server™ 

BizTalk®  Server 

Commerce  Server 

Host  Integration  Server 

Information  Work  Infrastructure 

Exchange  Server 

Content  Management  Server 
Office  SharePoint™  Portal  Server 


Office  Live  Communications  Server 
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Mr.  40%  Less 
Time  Spent  on 
Maintenance  and 
Administration 
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IBM  recommends  Microsoft"  Windows®  XP  Professional 


IBM  ThinkPad  X40 


GO  with  IBM  Think  Express  Program 

IBM  Think  Express  models  are  configured  and  priced 
with  small  to  medium-size  businesses  in  mind. 


IBM  rated  #1  in  tech  support  for  desktops 
and  notebooks  by  PC  Magazine  readers. 
PC  Magazine  17th  Annual  Reader 
Satisfaction  Survey  -  July  14,  2004 


'Availability:  All  offers  subject  to  availability.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not  responsible  for  photographic  or  typographic  errors.  'Pricing: 
does  not  include  tax  or  shipping  and  is  subject  to  change  without  notice.  Reseller  prices  may  vary.  Warranty:  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.0.  Box  12195,  RTP,  NC  27709, 
Attn:  Dept  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or  services.  Footnotes:  (1)  Embedded  Security  Subsystem:  requires  software  download.  (2)  Mobile  Processor:  Power 
management  reduces  processor  speed  when  in  battery  mode.  (3)  Wireless  11a,  11b  and  11  g:  based  on  IEEE  802.11a,  802.11b  and  802.1 1  g,  respectively.  An  adapter  with  lla/b,  1 1  b/g  or  1 1  a/b/g  can  communicate  on  either 
or  any  of  these  listed  formats  respectively;  the  actual  connection  will  be  based  on  the  access  point  to  which  it  connects.  (4)  Included  software:  may  differ  from  its  retail  version  (if  available)  and  may  not  include  user 
manuals  or  all  program  functionality.  License  agreements  may  apply.  (5)  Memory:  For  PCs  without  a  separate  video  card,  memory  supports  both  system  and  video.  Accessible  system  memory  is  up  to  64MB  less  than 
the  amount  stated,  depending  on  video  mode.  (6)  Hard  drive:  GB  =  billion  bytes.  Accessible  capacity  is  less;  up  to  4GB  is  service  partition.  (8)  Limited  warranty:  Support  unrelated  to  a  warranty  issue  may  be  subject 
to  additional  charges.  (9)  ServicePac  services:  are  available  for  machines  normally  used  for  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Service  period  begins  with  the 
equipment  date  of  purchase.  Service  levels  are  response-time  objectives  and  are  not  guarantees.  If  the  machine  problem  turns  out  to  be  a  Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick 
replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM  may  choose  to  perform  service  at  the  depot  repair  center. 


Our  ultraportable  notebook  has  never 

been  easier  to  carry.  Trains.  Planes.  Automobiles. 

Three  reasons  not  to  lug  around  a  heavy  notebook.  So,  when  you’re 
away  from  the  office  and  working  wirelessly,  use  an  IBM  ThinkPad8' X40 
notebook,  with  Intel®  Centrino™  Mobile  Technology  (on  select  models). 
They’re  our  thinnest,  lightest11  notebooks  ever.  Yet,  they’re  really  big 
on  features,  like  a  full-size  keyboard.10  Some  models  are  just  2.7  lbs. 
Other  models  feature  the  longest  standard  battery  life  of  any  leading  brand 
notebook21  (8-cell  battery  required,  not  shown).  The  IBM  ThinkPad  X40. 
Fast  and  powerful,  in  a  surprisingly  convenient  take-home  size. 

You  might  want  to  keep  an  eye  on  it. 

Ultralight  weight.  Longest-lasting  standard  battery. 

Only  on  a  ThinkPad. 

1  866  426-5990  ibm.com/shop/m559 


TECHNOLOGY 

IBM  ThinkPad  R51 

Ultimate  Value 

Distinctive  IBM  Innovations: 

•  IBM  Embedded  Security  Subsystem  2.0'- 
Strongest  security  as  a  standard  feature  (Excluding 
IBM  models  with  Integrated  Fingerprint  Reader) 

•  IBM  Access  Connections  -  switch  between  wired 
and  wireless  connections 

System  Features: 

•  Intel®  Centrino™  Mobile  Technology 

•  Intel®  Pentium®  M  Processor  715  (1.50GHz)2 

•  Intel®  PROAA/ireless  Network  Connections  802.1 1  b/g3 

•  Microsoft  Windows  XP  Professional4 
•14.1"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM5 

•  30GB  hard  drive6 

•  Ultrabay™  Enhanced  CD-RW/DVD-ROM  combo 

•  IBM  UltraConnect™  Antenna  for  increased 
signal  strength 

•  1-yr  system/battery  limited  warranty8 

NavCode  28838QU-M559 
THINK  EXPRESS  MODEL  PRICED  AT: 

$46/mo  for  36  months 
SuccessLease  for  Small  Business19 

ServicePac®  Service  Upgrade:9 
3-yr  Depot  Repair  #30L91 92  $132 

IBM  ThinkPad  X40 

Our  thinnest  and  lightest 

Distinctive  IBM  Innovations: 

•  IBM  Embedded  Security  Subsystem  2.0  - 
Strongest  security  as  a  standard  feature 

•  IBM  Rescue  and  Recovery™  - 
One-button  recovery  and  restore  solution 

System  Features: 

•  Intel®  Centrino™  Mobile  Technology 

•  Intel®  Pentium®  M  Processor  ULV  1.1GHz 

•  Intel®  PRO/Wireless  Network  Connection  802.11  b/g 

•  Microsoft  Windows  XP  Professional 
•12.1"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM 

•  20GB  hard  drive 

•  Integrated  Gigabit  Ethernet  and  modem 

•  Legendary  IBM  full-size  keyboard10 

•  Only  .94"  thin" 

•  2.7-lb  travel  weight12 

•  1-yr  system/battery  limited  warranty8 


NavCode  2386A4U-M559 

THINK  EXPRESS  MODEL  PRICED  AT: 


$1,499* 


$53/mo  for  36  months 
SuccessLease  for  Small  Business 


Calls  must  be  received  by  5pm  local  time  in  order  to  qualify  for  Next  Business  Day  service.  (10)  Full-size  keyboard:  As  defined  by  ISO/IEC  15412.  (11)  Thinness:  may  vary  at  certain  points  on  the  system. 
(12)  Travel  weight:  includes  battery  and  optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay,  if  applicable:  weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options.  (13)  Public 
network  access  limited:  Subscription  may  be  required  and  fees  may  apply.  (19)  SuccessLease:  SuccessLease  program,  rates  and  terms  are  provided  by  third-party  financiers  approved  by  IBM  Global  Financing  to 
credit-qualified  business  customers  installing  in  the  U.S.  Featured  monthly  lease  payments  based  on  prespecified  end-of-lease  purchase  option;  documentation  fee  and  first  month’s  payment  due  at  lease  sign  r  g;  taxes 
are  additional.  Options  cannot  be  leased  separately.  IBM  and  IBM  Global  Financing  reserve  the  right  to  alter  product  offerings,  specifications  or  financing  terms  at  any  time,  without  notice.  (21)  Battery  Life.  Based  on 
manufacturer's  published  figures  or  CNET.com  results  for  the  top  5  vendors  in  2003  notebook  sales  based  on  IDC  data  as  of  1/29/2004.  Trademarks:  The  following  are  trademarks  or  registered  trademarks  of  IBM  Corporation: 
IBM,  the  IBM  logo.  Rapid  Restore,  Rescue  and  Recovery,  ThinkPad,  Ultrabay,  UltraConnect  and  UltraNav.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation.  Intel,  Intel  Xeon,  Intel  Inside,  Intel 
Inside  logo,  Intel  Centrino,  Intel  Centrino  logo,  Intel  SpeedStep  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company, 
product  and  service  names  may  be  trademarks  or  service  marks  of  other  companies.  ©2004  IBM  Corporation.  All  rights  reserved. 

Visit  www.ibm.com/pc/safecomputing  periodically  for  the  latest  information  on  sale  and  effective  computing. 


Knowing  is  more  than  being  aware.  It's  about  being  able  to  determine,  prioritize 
and  deliver  what  and  how  much  protection  is  needed  and  where.  You  can't  eliminate 
risk  completely,  but  you  can  manage  it  and  reduce  your  exposure  time. 

NetlQ  Security  Management  is  the  only  way  to  manage  risk,  assure  compliance  and 
secure  assets.  Our  knowledge-based  software  solutions  are  intelligent  and  simple  to  use. 
Only  NetlQ,  a  leader  in  systems  and  security  management,  gives  you  the  assurance  of 
knowing  that  risk  is  mitigated  and  your  enterprise  is  secure,  available  and  performing. 


©  Copyright  2005  NetlQ  Corporation.  All  rights  reserved.  NetlQ  and  the  NetlQ  logo  are  registered  trademarks  of  the  NetlQ  Corporation 


Knowing 

that  you're  managing  risk. 


Knowing  is  everything!" 


www.netiq.com/solutions/security 


WE  GET  IT.  WE  SPEAK  IT.  WE  KNOW  IT. 

Now  we'll  even  tell  you  how  much  IT  pays. 


WE  GET  IT.  WE  SPEAK  IT.  WE  KNOW  IT. 


Information  Technology  Professionals 
A  Robert  Half  International  Company 
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The  2005  Salary  Guide  is  here. 

Call  today  or  visit  us  online  for  your  FREE  copy. 
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Robert  Half 

Technology 

Information  Technology  Professionals 


800.793.5533  •  rht.com 

A  Robert  Half  International  Company 


©  Robert  Half  Technology.  EOE  09/04-4300 
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Wisconsin-based  Lands’  End  CIO 
Frank  Giannantonio  isn’t  anywhere 
near  the  Pacific,  but  he’s  braced  for 
the  wave  of  privacy  legislation  Z>T7-  ' 
rolling  out  of  California.  j. 
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Communication 

ALBRIGHT  ON  COMMUNICATION, 
INFORMATION  AND  NEGOTIATION  |  58 

Former  U.S.  Secretary  of  State  Madeleine 
Albright  shares  her  secrets  for  persuading 
people  even  tougher  than  Larry  Ellison 
to  do  what  you  want. 

Interview  by  Abbie  Lundberg  and 
Meridith  Levinson 

Compliance 

MESSAGE  THERAPY  |  50 

Federal  regulations  require  an  entirely  new 
approach  to  storing  and  searching  e-mails. 
Noncompliance  is  not  an  option. 

Feature  by  Ben  Worthen 

MANAGING  THE  RISK  OF  INSTANT 
MESSAGING  |  CIO.COM 

And  just  when  you’ve  got  e-mail  under 
control,  instant  messaging  rears  its  insistent 
head.  Read  attorney  John  Gliedman’s  advice 
on  dealing  with  the  risk  of  IM. 

www.cio.com/printlinks 

Cost  Control 

PRUNE  I.T.  SYSTEMS, 

NOT  BUDGETS  |  36 

If  you  want  to  cut  costs  but  avoid  painful 
consequences  to  the  business,  don’t  just 
slash  IT  spending;  prune  redundant 
systems,  and  make  sure  your  CFO  and 
CEO  know  why. 

Column  by  Michael  Schrage 


Wherever  your  business  is  headquartered— on  the 
Midwest’s  grassy  plains  or  in  the  South’s  sweltering 
cities— you  have  to  deal  with  the  new  tide  of  legislation 
swelling  out  of  the  Golden  State. 

Feature  by  Allan  Holmes 


PEER  TO  PEER:  THINKING  THIN  |  40 

How  one  county  government  CIO  got  his 
users  to  go  on  a  thin-client  diet  and  be 
happy  that  they  did. 

Column  by  Phil  Bertolini 


more  » 


www.cio.com  |  JANUARY  15,  2005 


7 


Avaya,  a  global  leader  in  communication  software,  systems  and 
services,  spun  off  from  Lucent  with  a  legacy  IT  infrastructure  that, 
while  efficient,  wasn’t  nimble  enough  to  be  a  competitive  advantage. 
HP  partnered  with  Avaya  to  implement  IT  Service  Management  and 
HP  OpenView,  effectively  re-deploying  existing  technology  assets. 
Today,  IT  spending  is  down  30%.  Millions  have  been  saved  by  finding 
unused  capacity.  And  Avaya  answers  whenever  opportunity  calls. 
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Tech  ROI  !  Small  Wonders 

Under  Development  Cleaning  with  Green  Tea 

Changing  Tech  !  Looking  Out;  Looking  In 
By  Eric  Knorr 
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Trendlines  I  23 

Staffing  |  Grooming  the  Next  Generation 
of  IT  Leaders 

Satellites  |  Space  Kids 

Washington  Watch  !  License  Fees  the  Issue  in 
E-Commerce  Suit 

By  the  Numbers  |  The  Hard  Truth:  Soft  Skills  Matter 

Cartography  Behind  the  Red  and  Blue 

Robots  |  Automation  Nations 

Portals  !  Railroad  Switches  in  the  Sky 

Book  Review  I  Deep  Smarts:  How  to  Cultivate 
and  Transfer  Enduring  Business  Wisdom 


Outsourcing 

INNOVATION  SHIPS  OUT  |  62 

U.S.  computer  makers  such  as  Dell,  Motorola  and  HP  are  outsourcing 
not  just  the  manufacture  but  the  design  of  new  products  to  offshore 
companies.  Could  this  be  the  end  of  America’s  innovative  edge  in 
electronics?  Feature  by  Christopher  Koch 

Staff  Training 

DO-IT-YOURSELF  DEVELOPMENT  |  68 

With  a  deadline  looming  and  an  IT  department  floundering,  a 
midsize  telco  provided  its  programmers  with  on-the-job  mentoring. 

Feature  by  Susannah  Patton 

MODERNIZING  LEGACY  SKILLS  |  CIO.COM 

Phil  Murphy,  a  Forrester  analysts  who  started  as  a  programmer,  is  a 
fan  of  consultant-mentored  employees.  Read  his  report,  “Modernizing 
Legacy  Programmer  Skills.”  www.cio.com/analyst 

Tech  ROI 

SMALL  WONDERS  |  74 

Tiny  technologies  don’t  take  up  much  space,  but  they  can  offer 
payback  that  belies  their  size.  Feature  by  Alice  Dragoon 

Vendor  Relations 

GOOD  PARTNERS  MAKE  GOOD  CUSTOMERS  |  32 

Stop  vendor-bashing.  Productive  relationships  are  your  responsibility. 

Column  by  Monte  Ford 
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The  Story  You  Won’t  Find  Here  i  CIOs  don’t  want  to 
talk  about  the  future  of  the  entry-level  IT  job. 

By  Richard  Pastore 

Inbox  |  20 
Index  |  86 
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From  desktop  to  datacenter,  Utility  Computing  ensures  all  your  critical  data  is  available.  That’s  why  99%  of 
the  FORTUNE  500®  rely  on  VERITAS.  The  world  leader  in  data  recovery.  Software  for  Utility  Computing,  veritas.com 


VERiTAS" 


©  2004  V  ERITAS  Software  Corporation.  All  rights  reserved.  VERITAS  and  the  VERITAS  Logo  are  trademarks  or  registered  trademarks  of  VERITAS  Software 
Corporation  or  its  affiliates  in  the  U.S.  and  other  countries.  Other  names  may  he  trademarks  of  their  respective  owners. 


How  did  80%  of  information 
become  100%  useless? 

What  if  information  could  find  its  way  in  and  out  of 
databases,  all  on  its  very  own?  With  the  Adobe 
Intelligent  Document  Platform,  it's  possible.  When  you 
combine  the  logic  of  XML  and  Adobe  PDF,  suddenly 
documents  are  smarter.  Unstructured  content  unifies  with 
structured  data.  And  information  intuitively  travels  where 
it's  needed,  safely  and  securely.  It's  simplicity  at  work. 
The  Intelligent  Document  Platform.  Better  by  Adobe: 


See  how  smarter  documents  are  working  for  other  companies  at  adobe.com/idp. 


ra 

Adobe 


Adobe*  Intelligent  Document  Platform 


The  Story 
You  Won’t 
Find  Here 


CIOs  don’t  want  to  talk  about 
the  future  of  the  entry-level 
IT  job 


2004  GRAND  NEAL  WINNER 

For  the  second  year  in  a  row, 

CIO  magazine  has  won  the 
prestigious  Jesse  H.  Neal 
National  Business  Journalism 
Award  for  editorial  excellence. 


Beginning  this  issue,  CIO  sports  a  new  table  of  contents,  reengineered  to  focus  on  what 
you  care  about  most:  topics.  Regardless  of  whether  an  article  is  a  magazine  feature  or  col¬ 
umn,  or  a  story  or  an  interactive  tool  on  CIO.com,  you’ll  find  it  listed  under  the  relevant  topic 
heading  on  our  new  TOC.  Our  departments— Trendlines,  Essential  Technology  and  oth¬ 
ers— are  also  indexed  by  topic.  Let  me  know  how  this  works  for  you. 

But  there’s  one  feature  story  you  won’t  see  in  this  issue’s  table  of  contents.  We  had 
planned  to  write  about  the  evolution  of  entry-level  IT  jobs  in  this  era  of  offshore  out¬ 
sourcing.  With  so  many  low-rung  programming  and  maintenance  positions  being 
outsourced,  we  wondered  what  kind  of  jobs  would  be  available  for  our  newly  minted 
MIS  and  CS  grads  in  2005  and  beyond.  Something  more  specialized,  more  business- 
oriented?  What  kind  of  opportunities  would  ensure  a  steady— if  not  robust— flow  in  the  IT 
career  pipeline? 

We  assumed  most  CIOs  would  be  thinking  about  this,  that  some  would  be  concerned, 
and  at  least  a  few  would  have  strategies  in  place. 

They  weren’t,  and  they  didn’t. 

The  story  editor’s  explanation  of  why,  after  weeks  of  reporting,  we  had  no  story: 

“Whatever  concern  some  CIOs  may  have  over  not  hiring  people  for  entry-level  jobs  is, 
at  best,  wishy-washy  and  mostly  lip  service.  They  really  don’t  care.  There’s  some  vague 
talk  of  creating  new,  entry-level-type  positions  in  order  to  have  a  talent  supply  for  the 
future,  but  no  one’s  doing  it;  no  one  has  concrete  thoughts  about  how  to  do  it,  and  no 
one  is  all  that  concerned  about  the  future  in  the  first  place.” 

! 

One  CIO  that  our  reporter  talked  to  said  she  didn’t  need  entry-level  people.  She’d  fill  her 
higher-level  analyst  positions  by  hiring  talent  groomed  at  other  companies.  Of  course, 
this  pragmatic  strategy  falls  apart  if  the  companies  across  town  have  CIOs  who  also  don’t 
need  entry-level  people. 

So  who’ll  be  hiring  and  breaking  in  the 
entry-level  people  who  will  eventually 
migrate  to  the  companies  that  outsourced 
all  their  low-level  jobs?  Perhaps  it  will  be 
the  small  businesses  that  can’t  take  advan¬ 
tage  of  offshore  economies  because  of  their 
size,  or  maybe  it  will  be  the  big  outsourcers 
themselves— such  as  IBM  Global  Services. 

So  be  it:  The  future  of  the  IT  profession  resides  with  small  companies  and  IBM.  I’m  not 
sure  if  that’s  a  comforting  thought.  But  you  don’t  care  anyway. 

Do  you? 


Not  all  of  our  reporting  went 
for  naught  this  month.  We  did 
find  one  CIO  who  has  a  formal 
process  in  place  for  entry- 
level  IT  hiring.  Read  "Groom¬ 
ing  the  Next  Generation  of  IT 
Leaders"  on  Page  23. 


Richard  Pastore,  Editor 

pastore@cio.com 


14 


JANUARY  15,  2005  |  www.cio.com 


PHOTO  BY  ANDREA  FISCHMAN 


FIND 


Where  IP  and  telecom  unite. 
Where  security  is  offensive,  not  defensive. 
Where  e-commerce  is  safe  commerce. 
Where  content  is  mobile  and  personal. 

Where  infrastructure  is  more  intelligent. 


VeriSignf 

Where  it  all  comes  together; 


Billions  of  times  each  day,  the  world  interacts  with  a  company 
you  may  not  realize  is  there.  One  that  is  driving  dynamic 
transformations  at  the  very  core  of  commerce  and  communications. 
VeriSign.”  Through  our  Intelligent  Infrastructure  Services,  we  enable 
businesses  and  individuals  to  find,  connect,  secure,  and  transact 
across  today’s  complex  Internet,  telecom,  and  converged  networks. 

We  operate  the  systems  that  manage  .com  and  .net,  handling 
14-billion  Web  addresses  and  emails  every  day.  We  run  one  of  the 
largest  telecom  signaling  networks  in  the  world,  enabling  services 
such  as  cellular  roaming,  text  messaging,  caller  ID,  and  multi- 
media  messaging.  We  manage  network  and  user  security  for  over 
3,000  global  businesses  and  400,000  Web  sites.  And  we  handle 


over  30  percent  of  all  e-commerce  transactions  in  North  America, 
processing  $100-million  in  daily  sales.  As  next-generation  networks 
emerge  and  converge,  VeriSign  will  be  there,  deploying  the 
Intelligent  Infrastructure  Services  necessary  for  everything  from 
RFID-enabled  supply  chains  to  inter-enterprise  VoIP  to  mobile  and 
rich  media  content  distribution. 

Whether  you’re  a  telecom  carrier  looking  to  rapidly  deploy  new 
services;  a  Fortune  500  enterprise  needing  comprehensive, 
proactive  security  services;  or  an  e-commerce  leader  wanting 
to  securely  process  payments  and  reduce  fraud,  we  can  help. 
We’re  VeriSign.  Where  it  all  comes  together.™ 


if'  2004  VeriSign.  Inc.  All  rights  reserved.  VeriSign.  the  VeriSign  logo.  "Where  it  all  comes 
together."  and  other  trademarks,  service  marks,  and  designs  are  registered  or  unregistered 
trademarks  of  VeriSign  and  its  subsidiaries  in  the  United  States  and  in  foreign  countries. 
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Connect.  Any  Way  You  Want. 


On-Demand  Collaboration.  Only  from  Polycom 


It'll  take  the  demands  off  you 


In  this  real-time  world,  instant  access  to  colleagues  around  the  globe  has  become  a  business  mandate.  Only  Polycom  can  bring 
people  together  via  any  combination  of  video,  voice,  data  and  Web  collaboration  -  on-demand.  Without  complex  IT  intervention 
or  advance  reservations.  A  single  dial-in  number  or  buddy  list  securely  connects  any  number  of  participants,  over  any  network, 
any  protocol,  any  speed  or  any  collaboration  device.  And,  you  can  do  it  all  with  confidence  since  Polycom  has  the  most  widely 
used  unified  solution  in  the  world.  It's  really  that  simple.  Isn't  it  time  you  demanded  on-demand  collaboration  from  Polycom? 

Get  a  free  copy  of  the  Unified  Collaborative  Communications  whitepaper  at  www.polycom.com/cio  or  call  1-877-POLYCOM. 
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trademark  of  Polycom,  Inc.  in  the  US.  and  various  countries.  All  other  trademarks  are  the  property  of  their  respective  owners. 


WEIGHING  THE  REAL  COSTS  OF  LINUX 
AND  WINDOWS?  WEIGH  THE 
INTELLECTUAL  PROPERTY  RISKS,  TOO. 


Microsoft 


"To  dote,  IBM,  HP,  Novell,  Red  Hat,  and  other  Linux 
vendors  offer  only  limited  indemnification  against 
intellectual  property  legal  claims  with  exceedingly  low 
liability  caps — or  no  protection  against  third-party 
legal  claims  at  all — leaving  companies  with  the  risk 
of  high  cost  litigation." 

-Laura  DiDio 
Senior  Analyst,  The  Yankee  Group 


When  evaluating  Linux  and  Windows®,  the  Yankee  Group,  a  global  research 
and  consulting  firm,  recommends  that  you  assess  your  company's  exposure 
to  the  cost  of  intellectual  property  disputes.  That's  because  companies  can 
be  sued  for  using  software  that  infringes  intellectual  property  owned  by 
third  parties.  Microsoft  offers  a  strong  indemnity  that  helps  protect  users  of 
its  flagship  products  from  legal  costs  associated  with  intellectual  property 
disputes.  In  comparison,  leading  Linux  vendors  offer  limited  or  no  indemnity. 
For  details  about  Microsoft's  indemnity,  visit  microsoft.com/indemnification 

To  see  a  video  interview  with  Yankee  Group  Senior  Analyst  Laura  DiDio  and  for 
other  third-party  findings,  visit  microsoft.com/getthefacts 
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Balanced 
Scorecard  Evolves 

I  enjoyed  the  Nov.  1  issue,  which  featured 
Susan  Cramm’s  “Balancing  Scorecards 
with  Reality.” 

While  I  agree  the  Balanced  Scorecard  is 
an  invaluable  management  tool,  its  contin¬ 
ued  growth  and  use  depends  on  new  per¬ 
spectives  being  added.  The  growth  of  social 
responsibility  has  elicited  investor  pres¬ 
sure  for  corporations  to  address  issues  and 
make  management  actions  more  visible.  It 
is  my  belief  that  sustainability  activities 
must  become  more  relevant  to  top  manage¬ 
ment  and  more  visible  to  shareholders. 

The  solution  to  this  conundrum  is  to 
include  social  responsibility  and  environ¬ 
mental  management  perspectives  as  part  of 
a  revised  Balanced  Scorecard. 

Incorporating  environmental  manage¬ 
ment  and  social  responsibility  into  the 
Balanced  Scorecard  fosters  dialogue  and 
enhances  a  better  understanding  of  the 
interdependencies  among  all  the  relevant 
business  perspectives.  Failing  to  address 
the  environmental  and  social  aspects 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
le!ters@cio.com.  Letters  may  be  edited  for 
length  or  clarity.  For  a  link  to  the  articles 
mentioned,  go  to  www.cio.com/printlinks. 
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while  considering  business  strategies  and 
operational  directions  will  not  make  those 
issues  disappear.  They  simply  remain 
invisible  during  the  decision  process. 

It  is  both  impractical  and  unwise  to  have 
separate  metric  systems  to  measure  tangi¬ 
ble  and  intangible  business  performance 
factors.  Organizations,  like  the  people  who 
create  and  populate  them,  have  moral  and 
ethical  responsibilities  that  transcend  pure 
business  goals.  Sustainability  has  become 
a  mantra  for  the  21st  century.  It  embodies 
the  promise  of  a  societal  evolution  toward  a 
more  equitable  and  prosperous  world,  in 
which  both  the  natural  environment  and 
human  achievements  are  preserved  for 
future  generations. 

MICHAEL  REINGRUBER 
CIO,  Plexus  Scientific  Corp. 
mreingruber@plexsci.com 

Risk  in  the  World  of  Art 

Excellent  article  on  the  smash-and- 
grab  at  the  Munch  Museum  (Trendlines, 
“Good  IT,  Bad  Behavior,”  Nov.  1).  It  worked 
out  perfectly  to  write  about  this  in  an  issue 
covering  risk  management.  Unfortunately, 
in  this  case,  the  risk  analysis  involved  with 
stealing  artwork  was  conducted  from  two 
totally  different  perspectives. 

The  museum  security  experts  believed 
they  had  managed  the  risk  of  theft  by 
ensuring  that  detection  would  be  a  high- 
enough  risk,  and  thieves  would  choose  to 
avoid  it.  But  the  thieves  decided  to  accept 
the  risk  of  detection  and  chose  to  make 
avoiding  apprehension  a  higher  priority. 

To  put  it  simply,  they  decided  that  in  a 
matter  of  “getting  away— undetected,”  the 
most  important  aspect  for  them  was  to 
get  away. 

EDWARD  ALDAMA 
IT  Manager,  Phoenix  Campus 
University  of  Phoenix 
ed.aldama@phoenix.edu 
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Work  needs  to  get  done 
at  the  office.  Problem  is  vou 


Problem  solved.  With  Siemens  communications  solutions,  you 
don't  need  to  be  connected  to  the  office  to  be  connected.  Siemens’ 
LifeWorks™  strategy  integrates  home  and  business  networks,  both  wired 
and  wireless.  You  can  get  intuitive  real-time  access  to  people,  information 
and  services  regardless  of  your  device,  network  or  location.  You  can 
instantly  collaborate  with  anyone — wherever,  whenever,  however  you 
like.  Time  spent  on  inefficient  communications  goes  down.  Productivity 
goes  up.  Making  life  work  better. 

At  Siemens  we  have  70,000  U.S.  employees  working  together  with 
thousands  more  all  around  the  world.  Exchanging  ideas.  Sharing  knowledge. 
And  strengthening  America’s  infrastructure  and  businesses. 
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Global  network  of  innovation 


www.usa.siemens.com 
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When  business  losses  are  measured  in 
seconds,  preemption  beats  “reaction”  every  time. 


BETWEEN  PREEMPTIVE  AND  REACTIVE  SECURITY. 


(A)  We  you  from 
the  threat  here 


The  only  effective  security  is  preemption.  This  preemptive  power  is  only  available  with  the  Proventia™  Enterprise  Security  Platform  from  Internet  Security  Systems.  When 
security  flaws  are  discovered,  Internet  Security  Systems’  world-renowned  research  team  updates  Proventia  to  immediately  shield  you  before  attacks  are  released. 
Proventia  keeps  you  off  the  path  to  disaster  by  preemptively  securing  your  entire  IT  infrastructure  with  a  unified  family  of  intrusion  prevention  and  vulnerability 
management  products.  In  fact,  when  we  manage  Proventia  for  you,  we'll  even  guarantee  protection.  Need  proof?  Get  your  free  whitepaper,  Preemptive  Protection: 
Setting  a  New  Standard  in  Security,  at  www.iss.net/proof/CIO  or  call  800-776-2362. 
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I.T.  LEADERS 


staffing  Jeff  Campbell  is 
not  your  typical  CIO.  He  didn’t 
start  off  as  an  entry-level  coder 
20  years  ago,  grinding  his  way  up 
through  the  IT  ranks  to  the  top 
spot.  Campbell  actually  began 
his  career  on  the  other  side  of 
the  cube  wall,  as  a  junior  cost 
accountant  for  FedEx.  His  first 
IT  job  is  his  current  one;  in  2002 
he  became  vice  president  of 
technology  services  and  CIO  at 
The  Burlington  Northern  and 
Santa  Fe  Railway  Co.  Even  so, 


Campbell  is  aware  of  how  impor¬ 
tant  it  is  to  attract  and  retain 
entry-level  IT  staffers  at  BNSF  in 
order  to  establish  a  firm  founda¬ 
tion  for  tomorrow’s  leadership 
ranks— especially  as  the  specter 
of  programming  jobs  heading 
offshore  looms  over  computer 
science  undergrads. 

Campbell  is  concerned  about 
the  horde  of  baby  boomers  at 
BNSF  who  will  be  retiring  soon. 
The  average  age  of  the  com¬ 
pany’s  nonunion  employee  (half 


of  Campbell’s  1,164  IT  workers 
are  nonunion)  is  45  years,  with 
an  average  of  18  years  at  BNSF. 
"What’s  more  alarming,”  says 
Campbell,  “is  that  we’re  hearing 
that  there  won’t  be  enough 
workers  from  Gen  X  and  Gen  Y 
to  fill  the  baby  boomer  void." 


BNSF  executives  have  made 
talent  development  a  top  priority, 
and  Campbell  is  no  exception. 

He  says  his  technology  services 
group  has  a  recruitment  program 
that  looks  for  prospects  who 
have  an  understanding  of  core 

Continued  on  Page  24 
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SPACE  KIDS 


A  beaming  University  of 
Stuttgart  researcher  stands  next 
to  The  SSETI  Express  satellite, 
slated  for  launch  this  year. 


satellites  Take  250  engi¬ 
neering  students  spread  across 
Europe,  connect  them  via  the 
Internet,  and  what  do  you  get?  No, 
not  gigabytes  of  illegally  swapped 
MP3  files.  You  get  a  satellite  that’s 
headed  for  space  later  this  year. 

The  satellite,  SSETI  Express 
(SSETI  stands  for  Student  Space 
Education  and  Technology  Initia¬ 
tive)  contains  three  “cubesats,”  each 
about  the  size  of  a  tea  cup,  that  will 
tackle  a  variety  of  experimental 
tasks,  including:  testing  Internet 
protocols  designed  for  the  electri¬ 


cal  interference  of  space;  and  trial 
running  various  satellite  commu¬ 
nications  systems  built  with  low- 
cost,  off-the-shelf  parts  rather  than 
specialized  components.  The  entire 
system  was  developed  by  teams  of 
students  from  more  than  20  uni¬ 
versities,  all  working  together  via 
the  Internet  to  create  the  designs. 
For  their  long-distance  collabora¬ 
tion,  the  SSETI  teams  relied  on 
e-mail,  chat  sessions  and  news- 
group  postings  that  kept  teams 
apprised  of  progress,  with  twice- 
yearly  workshops  bringing  team 
representatives  face  to  face. 

The  teams,  composed  of  select 
motivated  students,  are  expected 


to  deliver  on  their  assignments— or 
else.  “If  a  team  does  not  comply 
with  the  regulations,  their  position 
is  made  available  to  new  teams 
eager  to  join  the  program,”  says 
Marie  De  Cock,  spokeswoman  for 
the  European  Space  Agency  (ESA). 

Once  teams  completed  their 
designs,  they  sent  them  to  the 
European  Space  Technology  Centre 
in  the  Netherlands  where  other 
students— in  cooperation  with 
seasoned  aeronautical  engineers— 
are  currently  working  to  piece 
together  the  devices  in  preparation 
for  a  launch  on  a  Russian  space¬ 
craft  later  this  year. 

-Christopher  Lindquist 
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The  Broader  the  E-Biz, 
the  Bigger  the  Lawsuit 

Dell  gets  sued  for  patent  infringement 

The  Internet  has  made  it  possible  for  every  business  to  become 

an  international  conglomerate  by  selling  products  to  any  consumer  who 
has  online  access  and  a  postal  address.  But  a  lawsuit  by  a  small  software 
company  could  require  any  company  engaged  in  global  e-coinmerce  to 
pay  royalties  to  whomever  owns  the  rights  to  some  of  the  most  mundane 
business  technologies. 

In  October,  DE  Technologies  filed  a  patent  infringement  suit  against  Dell, 
alleging  that  when  Dell  sells  its  PCs  worldwide,  the  computer  maker  uses 
e-commerce  processes  that  DE  Technologies  patented  in  2002.  DE  Tech¬ 
nologies’  business  method  patent  lays  claim  to  eight  fundamental  processes 
for  carrying  out  international  transactions  online.  Examples  include  using 
menus  to  select  a  currency  and  to  calculate  shipping  costs  based  on  where 
and  how  the  product  will  be  shipped.  (For  a  complete  list  of  DE  Technolo¬ 
gies’  claims,  see  www.cio.com/printlinks.) 

DE  Technologies  wants  to  charge  Dell  a  licensing  fee  for  use  of  its 
processes.  Dell’s  online  international  sales  accounted  for  about  $12  billion 
in  the  latest  fiscal  year,  so  even  a  small  fee  could  mean  a  windfall  for  DE 
Technologies  if  the  company  wins.  DE  Technologies  would  also  be  empow¬ 
ered  to  collect  from  other  users.  To  defeat  the  suit,  Dell  will  have  to  prove  it 
already  had  a  system  in  place  that  performed  the  tasks  specified  in  the  law¬ 
suit  before  DE  Technologies  filed  its  patent— called  “prior  art”  in  patent  law 
parlance— or  prove  that  the  methods  automate  tasks  that  previously  were 
done  using  paper  and  pen.  Executives  with  DE  Technologies  and  Dell 
declined  to  talk  about  the  suit. 

In  DE  Technologies’  favor,  points  out  Ira  Heffan,  a  patent  attorney  with 
Testa,  Hurwitz  &  Thibeault,  its  patent  was  reviewed  extensively  by  the  U.S. 
Patent  and  Trademark  Office  (USPTO).  Nevertheless,  says  Mark  Lemley,  a 
professor  at  Stanford  University  Law  School,  a  jury  could  still  find  the  patent 
invalid  because  of  prior  art,  or  it  could  narrow  the  scope  of  the  patent. 

Whatever  the  ruling,  CIOs  can  expect  more  legal  challenges  to  how  they 
use  technology  in  their  businesses.  Since  1998,  when  a  federal  court  ruled 
that  business  method  patents  are  valid,  some  3,300  patents  filed  with  the 
USPTO  have  been  awarded.  Patent  holders 
for  some  of  these  methods  “have  discov¬ 
ered  this  is  a  lucrative  business  model,” 

Lemley  warns.  Which  means  CIOs  will 
end  up  weighing  whether  it’s  cheaper  to 
pay  licensing  fees  or  go  to  court. 

- Allan  Holmes 
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Grooming  IT  Leaders 

Continued  from  Page  23 

technologies  and  also  know  how  to  do  project 
management  and  business  process  redesign,  and 
can  manage  service-level  agreements  and  determine 
ROI  on  IT.  “But  we  haven’t  reached  a  point  where 
we’re  finding  [those  skills]  in  the  marketplace," 
he  says.  “So  we  try  to  infuse  them  here.” 

Prospects  come  in  all  shapes  and  sizes,  Campbell 
says.  There  are  interns,  whom  BNSF  snags  as 
undergrads;  recruits  from  colleges  and  job  fairs; 
general  marketplace  hires;  and  transfers  from 
BNSF’s  other  departments.  One  of  the  ways  BNSF 
“infuses”  some  of  its  new  hires  in  technology 
services  is  by  sending  them  through  a  six-  to 
12-month  cross-functional  training  program. 

The  Corporate  Management  Trainee  program  is 
for  recent  college  graduates  in  the  operations, 
engineering,  mechanical,  finance,  marketing  and 

technology  services 
departments. 

The  purpose  of  the 
program  is  to  provide 
a  source  of  future 
managers,  support 
diversity  goals  and 
bring  in  fresh  ideas. 
Trainees  take  railroad 
industry  courses, 
meet  with  BNSF 
senior  executives, 

receive  new-hire  orientation  and  work  on  railroad 
case  studies. 

Mark  Lutchen,  a  partner  in  the  IT  business  risk 
management  practice  at  PricewaterhouseCoopers, 
stresses  the  importance  of  this  apprentice-type  IT 
career  model  that  incorporates  the  other  parts  of 
the  business.  The  benefit  for  CIOs  is  that  the  more 
steeped  their  staffers  are  in  business  knowledge, 
the  more  aligned  IT  will  be  with  the  business  side. 

Though  Campbell  is  serious  about  grooming 
BNSF’s  future  IT  workers,  he  also  believes  in 
outsourcing;  currently  IBM  Global  Services  is 
responsible  forthe  railroad's  mainframe  and 
midtier  computing  infrastructure,  and  40  percent 
of  new  application  development  is  done  by 
Infosys  in  India.  This  blended  approach  allows 
him  to  take  advantage  of  outsourcing’s  cost 
savings  while  keeping  a  firm  grip  on  the  knowl¬ 
edge  of  in-house  staffers.  -Thomas  Wailgum 


JEFF  CAMPBELL 

CIO,  Burlington  Northern 
and  Santa  Fe  Railway 
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WE’RE  PUTTING  COMPUTER 
R&D  WHERE  IT  BELONGS. 

-  In  your  Business .  - 
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Dancing  robots  and  Artificial  Intelligence  make  great  press 
release  material,  but  what  exactly  do  they  do  to  improve 
your  business? 

At  Fujitsu,  we’re  concerned  with  R&D  that  helps 
CIOs  run  their  business  more  efficiently.  In  fact,  we  invest 
billions  of  dollars  annually  in  developing  technology  solu¬ 
tions  and  providing  the  right  products  for  our  customers 
to  achieve  maximum  enterprise  performance.  This  R&D 
effort  is  the  foundation  of  the  Fujitsu  PRIMEPOWER' 
and  PRIMERGY®  server  lines,  which  deliver  mission-critical 
reliability,  availability  and  serviceability. 

Thanks  to  our  real-world  R&D  philosophy,  we’ve 
become  a  company  that  offers  CIOs  the  high-performance 
mobile  computers,  scalable,  reliable  servers,  and  managed 
and  professional  services  they  need. 

If  you  are  looking  for  an  IT  partner  whose  R&D 
investment  actually  does  your  company  some  good,  visit 
us.fujitsu.com/computers/RD  or  call  1-800-831-3 183. 
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THE  POSSIBILITIES  ARE  INFINITE 
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by  the  numbers 

BY  JON  SURMACZ 


THE  HARD  TRUTH: 

Soft  Skills  Matter 

Many  companies  offer  non-IT  training  to  IT  pros 


It’s  not  enough  anymore  to  be  a  crack  programmer 
or  a  nimble  network  administrator.  These  days, 
CIOs  need  IT  staffers  to  share  more  of  the  burden  of 
business,  to  interact  with  other  departments  and  to 
communicate  effectively  with  colleagues.  These 
non-IT  skills  (business  acumen,  communication, 
leadership,  project  management  and  so  on),  often 
called  “soft”  skills,  are  increasing  in  importance  as 
IT  becomes  more  strategic.  That’s  why  53  percent  of 
CIOs  said  they  offer  IT  employees  training  in  non- 
IT  areas,  in  a  survey  of  1,420  CIOs  done  by  an  inde¬ 
pendent  research  group  for  Robert  Half  Technology, 
a  global  provider  of  technology  professionals. 

“IT  people  need  to  have  the  ability  to  communi¬ 
cate  at  the  board  level,”  says  Katherine  Spencer 
Lee,  executive  director  at  Robert  Half  Technology. 
“Being  able  to  understand  the  business  needs 


of  an  organization  and  translate  that  to  a  techno¬ 
logical  solution— to  me,  that’s  where  the  rubber 
meets  the  road.” 

According  to  the  survey,  midsize  to  large  compa¬ 
nies  (those  with  more  than  1,000  employees)  are 
more  likely  to  provide  non-IT  training  to  their  IT 
group  than  smaller  companies.  Lee  explains  that 
larger  companies  are  able  to  benefit  from  volume 
discounts  on  programs  and  materials.  The  survey 
also  showed  that  70  percent  of  business  services 
firms  invest  in  soft  skills  training— more  than  any 
other  industry  sector.  Lee  says  such  firms  place  a 
very  high  priority  on  customer  relations  and  there¬ 
fore  see  to  it  that  all  their  employees  have  well- 
developed  interpersonal  skills.  She  expects  that 
more  and  more  companies  across  all  industries 
will  offer  soft  skills  training  in  the  future. 


THE  MOST 

IMPORTANT 

SOFT  SKILLS  FOR 
I.T.  STAFFERS 


37% 

interpersonal 

skills 


20% 

Written  or  verbal 
communication 


Who  offers  soft  skills  training? 

53%  OF  ALL  COMPANIES  SURVEYED.  62%  OF  COMPANIES  WITH  MORE 
THAN  1,000  EMPLOYEES.  70%  OF  BUSINESS  SERVICES  COMPANIES. 


Best  Practices 

Partner  with  your  staff  develop¬ 
ment  or  HR  department.  Once 
you  determine  what  your  staff 
needs  (business  training,  com¬ 
munication  training,  presenta¬ 
tion  skills  and  so  on)  you  can 
approach  these  groups  to  deter¬ 
mine  what  is  already  available 
internally  or  to  research  what  is 
commercially  available. 

Think  big  but  start  small.  While 
it  is  important  to  provide  your 
entire  staff  with  training  and 
development  in  “soft”  skills,  you 


should  start  with  a  small  group 
of  individuals  whose  training 
could  most  benefit  your  organi¬ 
zation— this  can  also  help  to 
“build  a  case”  for  additional 
employees  receiving  this  training. 
Get  involved.  Spend  time  with 
the  employees  who  are  receiving 
the  training— know  what  they 
are  learning  and  how  they  are 
planning  to  implement  and  exe¬ 
cute  their  new  skills  in  the  work¬ 
place.  Then  develop  action  plans 
with  your  team  for  further  train¬ 
ing  if  necessary. 

Look  outside.  If  your  company 


doesn’t  provide  internal  training, 
encourage  staff  to  participate  in 
industry  associations  and  user 
groups.  Such  organizations  often 
provide  seminars  on  technical 
and  nontechnical  issues,  and  the 
additional  interaction  will  help 
build  interpersonal  skills. 
Support  the  program.  Whatever 
format  is  used  to  develop  these 
skills,  whether  it’s  internal  or 
external,  if  management  doesn’t 
provide  staff  members  with  the 
flexibility  and  support  to  take 
advantage  of  the  training,  they 
likely  won’t  do  so. 


17% 

Ability  to 
work  under 
pressure 


11% 

Overall  business 
acumen 


7% 

Professional 

demeanor 


8% 

Other/ 
Don’t  know 


SOURCE:  Robert  Half  Technology 
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Behind  the 


REDBHOBLUE 


CARTOGRAPHY  As  the 

election  results  came  in  on  Nov. 

2,  TV  commentators  were  quick 
to  color  states  either  red  (for 
George  Bush)  or  blue  (for  John 
Kerry).  The  result  was  the  now- 
familiar  image  of  a  wide  red  sea 
crashing  against  a  thin  blue 
shore,  inspiring  both  breast¬ 
beating  (among  Democrats)  and 
chest-thumping  (among  Repub¬ 
licans).  (See  Figure  1.)  But  how 
meaningful  is  that  representation 
of  the  recent  election? 

President  Bush,  indeed,  won  a 
wide  swath  of  states  in  the  West, 


Midwest  and  South  (thereby 
capturing  the  electoral  votes 
needed  to  win),  but  the  popular 
vote  within  those  red  states  was 
often  considerably  closer  than 
the  network  election-night  map 
was  designed  to  show. 

To  come  up  with  a  map  that 
reflected  the  popular  vote  (as 
opposed  to  electoral  college 
results),  three  researchers  from 
the  University  of  Michigan 
borrowed  a  concept  from 
physics.  Usingthe  diffusion 
method— in  which  the  voting 
population  is  treated  much  as  if  it 


were  a  cloud  of  gas  that’s  con¬ 
centrated  in  some  areas  and 
attenuated  in  others— the 
researchers  developed  a  software 
program  to  create  a  cartogram. 

"A  cartogram  is  a  map  in 
which  the  sizes  of  the  areas 
displayed  are  not  proportional  to 
actual  boundaries  but  to  some 
other  criteria,  which  in  this  case 
was  the  total  population,”  says 
Mark  Newman,  an  assistant 
professor  of  physics  and  complex 
systems  at  Michigan. 

The  researchers  input  census 
figures  from  2000  into  the 


software,  which  then  drew  state 
lines  proportional  to  population 
size.  The  resulting  map,  accord¬ 
ing  to  Newman,  more  accurately 
reflects  the  character  of  the 
recent  contest.  (See  Figure  2.) 

While  Democrats  may  find 
solace  in  Newman’s  map, 
Americans  should  realize  that 
neat  divisions,  such  as  the 
election  night  red  and  blue,  often 
disguise  more  than  they  reveal. 
Or,  as  semanticist  S.l.  Hayakawa's 
favorite  epigram  goes,  "The  map 
is  not  the  territory." 

-Megan  Santosus 


[election  NIGHT  network  map] 


[election  map  adjusted  for  population] 
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AUTOMATION  NATIONS 

The  use  of  personal  and  domestic 
robots  worldwide  for  tasks  such  as 
vacuuming,  lawn  mowing  and  pool 
cleaning  will  increase  from  607,000 
units  in  2003  to  4.1  million  units 
with  an  estimated  value  of 
$2.7  billion  by  2007. 


SOURCE:  United  Nations  Economic  Commission  for  Europe 
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Managing  some  of  the  parts  or 
the  sum  of  the  parts? 


holistic:  // 

(whok'is-tic) 

the  importance  of 
the  whole  and 
interdependence 
of  its  parts. 


Maximize  IT  value  with  holistic  IT  management  and  governance 

IT  is  a  complex  business  within  a  business:  a  set  of  interdependent,  business-critical  functions  that 
your  organization  relies  on  to  succeed.  Effective  governance  requires  seamless  control  and  a  clear 
understanding  of  how  these  parts  work  together.  Compuware  IT  Governance  by  Changepoint  gives 
you  the  power  to  manage  IT  as  an  integrated  whole  and  maximize  the  value  of  every  project,  application 
and  infrastructure  investment. 

Awarded  “Best  Solution”  by  attendees  at  the 

Gartner  Project  and  Portfolio  Management  2004  Conference 


Visit  our  Governance  Resource  Center  at 

www.compuware.com/holistic 

for  expert  views  on  IT  Governance 


portals  You  mightthink 
that  planes  can  fly  wherever  they 
please  once  they  take  off.  But  in 
fact,  they’re  following  specific 
tracks,  or  3-D  roads,  in  the  sky. 
The  number  and  location  of  these 
tracks  over  the  North  Atlantic  vary 
from  one  day  to  the  next  depend¬ 
ing  on  weather  conditions,  the 
location  of  the  jet  stream  and 
air  traffic  volume.  So  if  you  want 
to  fly  through  North  Atlantic 
airspace,  you've  got  to  check 
with  Nav  Canada  (the  Federal 
Aviation  Administration's 
Canadian  counterpart)  to  find 
out  the  tracks’  locations  before 
planning  your  route.  In  the  past, 


Nav  Canada  announced  the 
number  and  location  of  North 
Atlantic  tracks  12  hours  in  advance 
on  AFTN,  airlines’  international 
communications  channel.  Airline 
dispatchers  had  no  input  into 
how  many  tracks  would  be 
offered  or  where  they’d  be. 

Now  Nav  Canada’s  National 
Operations  Center  posts  its 
proposed  eastbound  and  west¬ 
bound  tracks  on  a  Plumtree 
Software-based  portal.  “Cus¬ 
tomers  who  are  going  to  use  the 
tracks  can  see  them  and  can 
provide  feedback  up  to  12  hours 
before  we  open  the  tracks,”  says 
Don  Kelly,  Nav  Canada’s  director 


of  IM  and  Enterprise  Technology 
Security.  Being  able  to  voice 
through  the  portal  their  assess¬ 
ments  of  weather  conditions, 
the  jet  stream's  position  and 
how  best  to  maximize  time  and 
fuel  efficiency,  "customers  can 
have  an  influence  on  where  the 
tracks  are,”  Kelly  explains.  Nav 
Canada  reviews  all  feedback 
and,  when  warranted,  adjusts 
tracks  accordingly. 

Another  Plumtree  portal  lets 
Nav  Canada  give  airlines  near 
real-time  information  on  delays 
aircraft  face  on  the  ground  at 
airports  in  Toronto  and  Calgary. 
The  Airport  Performance 


Monitor  portal,  which  helps  staff 
manage  aircraft  movements  and 
flight  plans,  is  fed  schedule  and 
aircraft  movement  data  from  Nav 
Canada,  customers  and  airport 
authorities  (such  as  deicing 
subcontractors).  The  portal  then 
reports  time  to  taxi  (elapsed  time 
before  an  aircraft  can  taxi  for 
takeoff)  and  percent  to  gridlock 
(how  close  the  number  of  aircraft 
on  the  ground  is  to  the  maximum 
numberthatthe  airport  can  han¬ 
dle).  The  result:  knowing  in  near 
real-time  how  long  an  aircraft  will 
have  to  wait  before  it  can  taxi  to 
the  runway  gives  dispatchers 
more  options.  -Alice  Dragoon 


Deep  Smarts 

By  Dorothy  Leonard  and  Walter  Swap 
Harvard  Business  School  Press,  2005,  $29.95 


Knowledge  Transfer  Tips 


When  employees 
leave,  how  can  the 
company  make 
sure  all  that  expert 
knowledge  doesn't 
walk  out  the  door 
with  them? 


book  review  Companies  that 
learn  how  to  transfer  employees’ 
expertise  and  make  that  transference 
a  priority  will  not  see  their  intellec¬ 
tual  capital  exit  when  employees  retire, 
transfer  or  take  other  jobs,  say  the 
authors  of  a  new  book,  Deep  Smarts: 
How  to  Cultivate  and  Transfer  Enduring 
Business  Wisdom.  Dorothy  Leonard,  a 
Harvard  Business  School  professor 
emerita,  and  Walter  Swap,  a  former 
dean  and  psychology  professor  at  Tufts 
University,  based  Deep  Smarts  on  a 
dotcom-era  study  they  did  on  Internet 


3  0 


entrepreneurs  and  coaches.  What  the 
authors  conclude  is  that  becoming  an 
expert  can  take  up  to  a  decade  of 
focus,  hands-on  participation,  feed¬ 
back  and  reflection.  In  other  words, 
deep  smarts  can’t  be  acquired  in  a 
weekend  workshop  or  during  a  thrill- 
a-minute  dotcom  gold  rush. 

So  what  can  an  organization  do  to 
transfer  its  employees’  deep  smarts 
effectively?  The  authors  advocate  for 
the  use  of  knowledge  coaches,  who 
can  be  anyone  with  expertise  to  share. 
Because  deep  smarts  are  the  product 
of  hands-on  experience,  the  authors 
prefer  the  Socratic  method  of  teaching 
(one-on-one  questioning  and  dialogue) 


to  lectures  and  seminars.  And  they 
recommend  the  use  of  simulations 
(from  role-playing  and  case  studies 
to  virtual  reality  games)  as  a  way  to 
permit  learners  to  fail— and  thereby 
learn— without  repercussions. 

Included  are  real-life  stories  and 
case  studies— an  Indian  entrepre¬ 
neur’s  attempt  to  emulate  Staples 
in  his  homeland,  for  instance,  or 
NASA  engineers’  disbelief— even 
after  it  was  proven— that  insulating 
foam  could  have  been  responsible 
for  the  Columbia  tragedy.  These 
examples  lend  a  rich  context  to 
the  discussion. 

-Diann  Daniel 
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Citrix  helps  HP  increase 
productivity  by  giving  our 
employees  easy  and  secure 
access  to  standardized 
business-critical  applications  - 
from  anywhere  in  the  world.” 

Gilles  Bouchard,  CIO 
and  EVP  of  Global  Operations 

Hewlett-Packard  Company 

INFRASTRUCTURE  FOR  THE  ON-DEMAND  ENTERPRISE 

As  a  constantly  expanding  global  corporation, 

HP  faces  a  variety  of  IT  challenges  to  ensure  its 
145,000  employees  around  the  globe  have  access  to 
the  bandwidth-intensive  applications  they  need  to 
do  their  jobs.  HP’s  global  operations  require  access 
to  critical  applications  in  far-reaching  corners  of 
the  world  and  deployment  of  applications  across 
a  diversity  of  platforms.  So  HP  did  what  99%  of 
the  Fortune  500  have  already  done.  They  turned 
to  Citrix.  Now  HP  is  able  to  provide  its  employees 
with  secure  access  to  information  —  regardless  of 
location,  platform  or  device  used.  Citrix  is  helping 
HP  —  and  120,000  other  customers  —  save  money 
and  reduce  IT  complexity.  We  call  it  the  on-demand 
enterprise.  To  learn  what  Citrix  can  do  for  your 
business,  call  888-820-7918  or  visit  www.citrLx.com. 

dTRIX 

©2004  Citnx  Systems,  Inc.  Al  rights  reserved.  Citrix  is  a 
registered  trademark  of  Citrix  Systems,  Inc.  in  the  U.S.  and 
other  countries.  All  other  trademarks  and  registered  trademarks 
are  the  property  of  their  respective  owners. 


Monte  Ford 


TOTAL  LEADERSHIP  MASTERING  THE  ART  OF  LEADING  I.T. 


Good  Partners  Make 
Good  Customers 


Stop  vendor-bashing.  Productive  relationships  with  suppliers  are  your  responsibility. 


Some  CIOs  don’t  spend  any  time  trying  to  be  good  cus¬ 
tomers.  Instead,  they  and  their  IT  organizations 
spend  a  lot  more  time  finding  fault  with  their  vendors 
when  they  should  be  trying  to  find  the  value  of  work¬ 
ing  together.  In  fact,  it’s  the  customer’s  responsibility  to  turn 
vendor  relationships  into  partnerships,  in  which  each  party  is 
willing  to  bet  part  of  its  success  on  the  other’s  ability  to  deliver 
on  its  promises.  As  the  customer,  you  are  in  the  best  position  to 
take  the  lead  in  developing  a  positive  relationship  with  your 
vendors,  because  you  are  the  one  who  defines  business  success. 
You  determine  when  the  relationship  starts,  when  it  ends  and 
how  close  you  become. 

Vendor-bashing  has  become  sport  in  some  IT  departments.  But 
good  customers  don’t  rant  and  rave  every  time  there  is  a  problem 
with  a  supplier.  Rather,  they  promote  a  system  of  accountability 
on  both  sides  of  the  table.  CIOs  who  are  good  customers  forge  rela¬ 
tionships  with  their  partners  at  multiple  levels  in  order  to  have 
substantive  discussions  and  solve  problems  quickly.  We  set  the 
tone  and  the  ground  rules  for  our  partner  relationships. 

How  to  Be  a  Good  Customer 

A  first  step  to  becoming  a  good  customer  is  to  think  beyond  your 
own  interests  and  to  understand  what  your  partner  wants  to  get 
out  of  the  relationship.  You  probably  haven’t  been  to  many 
meetings  where  the  subject  is  the  success  of  your  partner.  But 
it  is  important  to  have  your  staff  focused  on  the  partner’s  suc¬ 
cess  as  well  as  their  own.  You  can  take  the  lead  by  learning 
what  motivates  your  partner  and  communicating  that  inter¬ 
nally.  For  example: 

■  Know  the  vendor’s  goals  and  objectives  as  a  company. 

■  Conduct  meetings  where  the  goal  is  to  determine  how  you  can 
improve  your  own  processes  in  order  to  help  the  vendor  achieve 
its  goals. 
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ILLUSTRATION  BY  MARC  MONGEAU 


Your  data 
is  7  pounds, 
3  ounces. 


Digital  photography  is  more  than  just  jpeg  files.  It’s 
sharing  a  grin  with  Grandma.  It’s  sending  giggles 
and  gurgles  to  aunts  and  uncles.  That’s  why  Hitachi 
hard  disk  drives  are  the  industry  choice  for  digital 
cameras,  and  proud  parents. 
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Computer  games  are  more  than  just  data.  They’re 
fun,  fodder  for  the  imagination,  even  a  way  to  build 
confidence.  That’s  why  leading  PC  game  system 
designers  use  Hitachi  storage  technologies  to  drive 
their  systems,  and  their  gamers. 
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Data  security  is  more  than  keeping  1’s  and  O’s  safe. 
To  him,  it  provides  the  confidence  required  to  run  a 
global  enterprise,  and  still  get  a  good  night’s  sleep. 
That’s  why  half  of  the  FORTUNE  100  use  Hitachi 
storage  technologies  to  protect  their  data,  and  their 


peace  of  mind. 


We  realize  that  data  is  more  than  1’s  and  O’s. 


hitachiyourdata.com 


Digital  photos  are  really  life’s  special  memories,  and  medical 
records  can  be  the  freedom  to  live  life  to  the  fullest.  We 
understand  the  imagination  inspired  by  gaming  systems  and 
that  a  data  backup  system  really  protects  the  sweat  and  hard 
work  of  an  entire  organization.  In  everything  we  do,  from  the 
smallest  Microdrive®  media  to  the  largest  multi-terabyte  SAN 
solution,  we’re  inspired  by  the  human  side  of  data. 


HITACHI 

Inspire  the  Next 


CIO  magazine,  in  association  with  the  CIO  Executive  Council,  is  pleased 
to  announce  the  first  ever  Ones  to  Watch  award.  This  new  award 
will  identify  the  rising  stars  in  IT— senior  staff  who  are  destined  to 
become  the  CIOs  of  the  future.  These  future  CIOs  must  have 
demonstrated  leadership,  driven  innovation  and  delivered  value  to  the 
business;  in  short,  they  will  soon  be  able  to  head  up  their  own  IT 
organization.  Candidates  should  currently  be  deputy  CIOs  or  top  IT 
lieutenants— but  not  yet  full-fledged  CIOs. 


how  to  apply  |  We  encourage  CIOs 
to  nominate  candidates  based  upon 
the  characteristics  identified  in  the 
application  form  at  cio.com/awards. 
Candidates  may  nominate  themselves 
or  be  nominated  by  another,  but  all 
nominations  must  be  sponsored  by  a 
CIO.  A  panel  of  leading  CIOs  will 


judge  the  nominees  and  choose  our 
winners,  who  will  be  honored  at  an 
awards  ceremony  in  May  and  featured 
in  a  special  July  issue  of  CIO. 
deadlines  |  The  application  will  be 
online  from  Jan.  3  until  Jan.  31,  2005. 
For  more  information  on  this  exciting 
new  award,  visit  www.cio.com/awards. 


For  information  on  the 

CIO  Executive  Council,  please  go  to 

www.  cioexecuti  vecouncil.  com . 


The  Resource 
for  Information 
Executives 


Monte  Ford  total  leadership 


■  Know  the  account  and  support  team’s  goals,  and  what  they 
need  to  achieve  to  be  perceived  as  successful. 

■  Find  out  the  reputation  of  your  account  team,  and  then  help 
them  become  the  best  one  in  their  company.  Your  account  team 
should  be  able  to  attract  the  best  talent  available. 

I  once  heard  an  employee  lamenting  that  the  software  com¬ 
pany  we  were  about  to  buy  a  product  from  was  going  to  make 
a  big  margin  on  the  sale.  I  swiftly  pulled  the  gentleman  aside 
and  explained  that  we  were  proud  to  be  part  of  that  company’s 
success,  and  that  we  want  to  pay  a  reasonable  price  for  the 
products  we  use. 

Like  most  people,  I  like  being  sold.  That’s  right,  I  like  it  and 
so  do  you.  If  I  am  sold  on  something,  it  means  that  I  believe  the 
product  or  service  will  be  beneficial  to  my  company.  It  usually 
means  that  I  am  also  in  sync  with  the  vendor  and  that  we  want 


try  to  use  it.  If  a  networking  vendor  wants  to  sell  me  a  solution, 
they  should  talk  to  my  network  manager  first  before  they  attempt 
to  set  up  a  meeting  with  me.  Directing  companies  to  establish 
credibility  within  your  ranks  is  a  good  way  to  drive  vendors 
toward  partnerships  at  all  levels  within  the  IT  organization. 

American  Airlines  conducts  partner  conferences  a  few  times 
a  year  with  the  companies  that  we  have  the  closest  relationships 
with.  We  get  our  10  main  partners  in  a  conference  room  and 
present  them  with  the  things  that  are  important  to  us  as  a  com¬ 
pany.  Each  partner  chooses  two  representatives,  and  my  sen¬ 
ior  leadership  team  is  present.  We  share  our  IT  and  business 
strategies,  goals  and  upcoming  projects.  We  also  tell  them  how 
we  will  evaluate  their  performance  and  the  criteria  and 
processes  we  will  use  to  make  upcoming  decisions  about  proj¬ 
ects,  products  and  services. 


You  are  in  the  best  position  to  take  the  lead  in  developing  a 
positive  relationship  with  your  vendors,  because  you  are  the 
one  who  defines  business  success. 


the  product  or  service  to  work  for  both  of  our  sakes.  Not  only 
do  I  like  being  sold  on  what  I  purchase,  but,  get  this,  I  want  the 
vendor  to  make  money  as  well.  That’s  right:  a  profit.  If  the  peo¬ 
ple  you  are  doing  business  with  can’t  make  deals  that  make 
business  sense,  they  will  go  out  of  business.  Out  of  business  is 
not  good  for  you  or  them. 

I  once  helped  establish  a  partnership  with  a  vendor  by  direct¬ 
ing  the  company  to  do  a  transaction  with  my  company  that 
was  not  in  their  short-term  revenue  interest  but  which  I  could 
demonstrate  would  be  more  profitable  over  the  long  term.  Our 
agreement  solved  my  short-term  budget  needs,  but  it  required 
them  to  trust  me.  We  worked  together  to  make  sure  I  deliv¬ 
ered  my  end  of  the  bargain,  and  as  a  result,  the  project  was  a 
success  for  both  of  our  companies. 

Get  Vendors  on  the  Right  Track 

Being  a  good  customer  also  means  training  your  partners  to  be 
more  effective.  Start  by  sharing  your  IT  and  business  goals 
and  by  educating  them  on  how  to  work  with  your  company.  Let 
them  know  how  they  can  be  successful.  When  they  have  insight 
into  your  needs,  your  partners  won’t  have  to  ask  what  are  prob¬ 
ably  the  most  annoying  questions  in  all  of  the  business  world: 
What  keeps  you  up  at  night?  What  are  your  business  drivers? 
Or  what  is  your  biggest  problem  right  now?  (One  day  a  vendor 
is  going  to  ask  me  about  my  biggest  problem  and  I  am  going 
to  answer:  You!) 

First,  let  vendors  know  that  they  should  study  your  company 
before  trying  to  sell  you  their  products.  Tell  them  to  work  first 
with  people  at  lower  levels  within  your  IT  department  to  deter¬ 
mine  if  what  they  have  to  offer  makes  sense  and  how  you  should 


Finally,  educate  partners  about  how  they  can  become  easy  to 
do  business  with.  When  my  company  works  with  a  partner,  I 
don’t  want  to  have  to  navigate  their  internal  bureaucracy  to 
complete  a  deal.  Having  to  deal  with  a  vendor’s  red  tape  is  one 
of  the  biggest  problems  standing  in  the  way  of  true  partnership 
with  supplier  companies,  because  it  creates  frustration  for  the 
customer. 

I  recently  did  a  big  deal  with  a  large  IT  company.  In  the 
process,  there  were  many  people  at  the  vendor  company  that 
could  stifle  the  deal,  and  it  was  hard  to  find  a  single  individual 
accountable  for  making  it  happen.  We  almost  walked  away. 
Instead,  we  assembled  a  room  full  of  people  to  get  the  deal 
done.  Another  approach  is  to  require  vendors  to  work  through 
issues  such  as  who  gets  credit  for  the  sale  before  a  contract  is 
on  the  table.  For  vendors,  keeping  this  kind  of  ugliness  away 
from  me  as  a  customer  is  a  great  way  to  start  to  become  a  real 
partner.  But  my  responsibility  as  the  customer  requires  that 
I  set  the  ground  rules. 

Any  company  doing  business  with  us  knows  that  we  are 
mot  the  perfect  customer  yet.  But  we  are  trying  to  be  every  time 
we  buy  a  product  or  service.  This  is  a  goal,  not  just  of  Ameri¬ 
can  Airlines,  but  of  mine  personally.  The  end  result  will  be 
that  while  we  manage  the  technology  assets  of  the  company  and 
act  as  the  custodians  of  its  technological  future,  we  will  improve 
our  ability  to  be  successful  by  helping  our  part¬ 
ners  be  successful  as  well.  BEI 


Monte  Ford  is  senior  vice  president  and  CIO  of  Ameri¬ 
can  Airlines.  Send  your  thoughts  about  this  column  to 
leadership@cio.com. 
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LAWSON 


It’s  Time 


Need  more? 


It's  time  your  business  application  software  fulfilled  its  mission  of  imp 
efficiency  and  productivity.  It's  time  your  software  provider  listened  to 
more  importantly,  responded  to  your  needs. 


solutions  that  will  always  be  there  when  you  need  them 
or  visit  www.lawson.com.  It's  time  to  turn  to  Lawson. 


call  1-800-477-1357 


©2005  Lawson  Software.  All  rights  reserved, 


MAKING  I.T.  WORK  IT'S  ALL  ABOUT  THE  EXECUTION 


Michael  Schrage 


Prune  IT  Systems, 

Not  Budgets 

If  you  want  to  cut  costs  but  avoid  painful  consequences  to  the  business,  don’t  just  slash  IT 
spending;  prune  redundant  systems,  and  make  sure  your  CFO  and  CEO  know  why 


At  a  lunch  late  last  year,  the  CIO  of  a  billion-dollar 
division  of  a  Fortune  500  company  vented  his 
fury  about  his  corporate  CFO.  “All  the  guy  cares 
about  is  cutting  costs,”  he  seethed.  “He  doesn’t 
really  care  how  well  the  systems  work;  he  doesn’t  really  care 
what  it  means  to  maintain  or  improve  them;  and  he  doesn’t 
care  if  spending  a  million  more  this  year  will  save  10  million 
next  year.  He  just  wants  to  show  what  a  hard-nosed,  cost-cutting 
bastard  he  is.” 

That’s  not  verbatim,  but  it  accurately  captures  the  substance 
and  sentiment  of  this  CIO’s  bitter  soliloquy.  Yes,  the  global  econ¬ 
omy  seems  to  be  coming  back.  Yes,  the  IT  spend  has  ticked 
upward.  However,  the  post-bubble-bred  tension  between  IT 
investment  and  IT  spending  is  as  fractious  as  ever.  Finance 
may  have  switched  from  machetes  to  switchblades  in  its  ongo¬ 
ing  efforts  to  slash  dollars  and  euros  from  global  IT  budgets,  but 
its  cost-containment  culture  appears  unyielding. 

CIOs  have  good  reason  to  be  irked  by  this  reflexive  financial 
fundamentalism.  But  they  frequently  (and  understandably) 
4ack  the  credibility  to  make  the  case  that  cost-cutting  can  be  a 
counterproductive  waste  of  time,  effort  and  money. 

Good  news.  Hard-won  empirical  evidence  from  several  of 
the  world’s  largest  companies  indicates  that  cutting  IT  costs  is 
one  of  the  most  expensive  things  an  organization  can  do.  Cutting 
costs  is  rarely  cost-effective.  CFOs  who  measure  their  impact 
by  the  IT  budgets  they  sliced  and  diced  are  not  doing  their  jobs. 

Speaking  at  a  recent  CIO  Summit,  GM  CTO  Tony  Scott  dis¬ 
closed  that  when  the  world’s  largest  auto  company  (and,  not  inci¬ 
dentally,  one  of  the  world’s  largest  enterprise  consumers  of  IT 
products  and  services)  reviewed  the  real  impact  of  its  IT  cost- 
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ILLUSTRATION  BY  VINCENT  DESRUISSEAUX/COLAGENE.COM 


Enter 


Can  your  software  provider.  Shift  -t  your  needs? 


/ 


start 


The  larger  the  provider,  the  less  nimble  they  are  and  the  sloppier  the 
implementation  can  be.  SAP  has  a  long  list  of  failed  upgrades,  cost  overruns 
and  dissatisfied  customers.  But  they  are  big. 

For  full  service  ERP  solutions  that  will  always  be  there  when  you  need  them 
call  1-800-477-1357  or  visit  www.lawson.com/shift.  It's  time  to  turn  to  Lawson. 


LAWSON 


It’s  Time: 


Michael  Schrage 


MAKING  I.T.  WORK 


cutting  initiatives,  it  discovered  virtually  no  money  had  been 
saved.  To  the  contrary,  GM  found  that  its  traditional  IT  cost-cut- 
ting  efforts  provoked  perverse  consequences  that  proved 
painfully  expensive.  For  example,  IT  had  to  put  off  a  neces¬ 
sary  upgrade  of  a  mission-critical  system  for  a  year,  even  as 
clearly  redundant  systems  were  preserved. 

So  what  works?  GM  learned  that  the  healthiest  ROI  came 
from  “systems  reduction”  rather  than  “cost  reduction.”  In  other 
words,  Scott  says,  you  save  more  money  by  refocusing  the  busi¬ 
ness  on  cutting  the  number  of  IT  systems  instead  of  the  volume 
of  IT  expenditures.  The  best  way  to  prune  IT  budgets  was  to 
prune  IT  systems.  According  to  Scott,  system  reduction  savings 
proved  more  durable,  sustainable  and  valuable  than  savings 
driven  by  the  bean-counting  budget  slashers. 

Indeed,  responding  to  a  disbelieving  question  from  the  mod¬ 
erator  (me),  Scott  acknowledged  that  CFOs  who  set  their  sights  on 
cutting  IT  budgets  were  doing  their  company  a  disservice.  Cutting 
IT  budgets  without  cutting  IT  systems  left  companies  with  the 
worst  of  both  worlds:  underfunded  and  underperforming  IT  sys¬ 
tems  along  with  unhappy  users  and  unhappier  IT  departments. 


The  War  Against  Redundancy 

Scott’s  message:  Treat  systemic  causes,  not  budgetary  symp¬ 
toms.  Too  much  time,  money  and  effort  go  into  preserving  a  wel¬ 
ter  of  quasi-localized,  pseudo-centralized  IT  systems  and  apps 
that  may  be  justifiable  on  an  individual  basis  but,  as  part  of  a 
dysfunctional  networked  whole,  are  a  colossal  waste  of 
resources.  Want  to  dramatically  boost  IT  productivity?  Don’t 
cut  10  percent  of  the  IT  budget;  cut  10  percent  of  the  IT  systems. 

For  example,  according  to  Scott,  GM  didn’t  really  discover 
just  how  many  SQL  servers  it  had  until  it  was  struck  (hard!)  by 
the  SQL  Slammer  worm  and  other  digital  infections.  GM  IT  was 
overwhelmed  with  support  calls.  Needless  to  say,  IT  moved 
quickly  to  reduce  redundant  databases  with  all  the  associated 
licensing  and  gray  market  maintenance  costs. 

But  that  was  merely  the  lowest  hanging  fruit.  GM  and  other 
companies  have  discovered  that  they  have  six  or  seven— maybe 
even  10  or  12— overlapping  databases  in  three  or  four  rival 
departments  that  could  (and  should)  be  consolidated  into  no 
more  than  two  or  three  large  shared  databases.  This  doesn’t 
merely  reduce  hard  dollar  IT  costs;  it  provides  a  chance  for 
operational  and  organizational  efficiencies— layoffs,  even.  Any 
wonder  why  some  executives  prefer  to  pick  on  IT  budgets? 

By  shifting  the  analysis  from  dollars  spent  to  systems  reduced, 
the  entire  productivity  and  cost-savings  conversation  is  trans¬ 
formed.  CIOs  are  required  to  evaluate  the  total  cost  of  ownership 

of  the  system  or  app,  while  CFOs  are 
forced  to  realize  the  false  economies 
of  systems  starving.  Killing  and  tran¬ 
sitioning  away  from  an  existing  sys¬ 
tem  for  30,  60  or  90  days  will  cause 
expenditure  spikes,  but  even  the 


Voice  Your  Opinion 


Does  pruning  redundant  systems 
work  for  you?  Go  to  the  ADD  A 
COMMENT  for  this  article  online. 

cio.com 


Want  to  dramatically 
boost  IT  productivity? 

Don't  cut  10%  of  the  IT 
budget;  cut  10%  of  the 
IT  systems. 

crudest  spreadsheet  calculations  affirm  that  enterprises  could 
easily  save  big  money  over  12  to  24  months. 

Treating  systems  and  apps— rather  than  budgets— as  the 
medium  to  be  managed  puts  the  managerial  focus  where  it 
truly  belongs:  on  the  business  value  of  IT  rather  than  its 
accounting  cost.  That’s  smart. 

Such  an  approach  also  begs  an  extraordinarily  important 
implementation  question.  After  the  best  candidates  for  reduction 
are  identified  and  prioritized,  IT’s  challenge  becomes  the  disim- 
plementation  of  systems  and  apps.  Surgical  systems  extraction 
(as  painless  as  possible,  please)  becomes  the  CIO’s  operational 
mandate.  Or,  for  CIOs  with  more  macabre  predilections:  How  do 
you  drive  a  stake  through  the  heart  of  an  app  in  a  way  that  simul¬ 
taneously  kills  it  and  its  budget?  Do  you  go  for  subtlety  and 
stealth?  Or  are  you  better  off  with  a  high-profile  execution? 

Verizon,  a  telecom  provider  all  too  rich  in  legacy  systems 
but  with  an  even  greater  reliance  on  IT  than  GM,  opts  for  strate¬ 
gic  systems  strangulation.  The  company  doesn’t  ax  its  larger 
legacies;  it  asphyxiates  them.  First,  corporate  IT  “surrounds” 
them  with  systems  that  ultimately  are  capable  of  replacing  the 
legacy  target;  secondly  (and  this  is  the  truly  devious  element), 
Verizon’s  IT  actually  supplements  the  features  and  functionality 
of  the  legacy  with  some  of  the  better  bells  and  whistles  of  the 
new  system  now  surrounding  it. 

In  other  words,  Verizon  uses  the  “supplement”  phase  to 
wean  internal  users  off  the  legacy  while  simultaneously  train¬ 
ing  them  how  to  use  the  new  system.  In  the  final  phase,  the  new 
system  supplants  the  legacy  to  the  point  of  effectively  replacing 
it.  Many  users  barely  notice  that  a  final  swap-out  has  occurred. 

Although  undeniably  time-intensive,  Verizon— like  GM— 
has  found  that  the  costs  of  temporary  redundancy  and  transi¬ 
tion  are  a  better  long-term  deal  than  budget-cutting.  You 
address  root  causes  by  pulling  things  out  by  their  roots,  not  cut¬ 
ting  off  branches  and  trimming  leaves. 

There  is  no  small  irony  in  the  larger  truth  that  being  a  cost- 
conscious,  value-creating  CIO  means  paying  just  as  much 
attention  to  which  systems  you  take  out  as  those  you  put  in.  The 
economics  of  disimplementation  are  as  important  to  enterprise 
success  as  the  cost-effectiveness  of  systems  implementation. 
CIOs  should  insist  that  their  CEOs  and  CFOs 
recognize  that.  HPl 


Michael  Schrage  is  codirector  of  the  MIT  Media 
Lab’s  eMarkets  Initiative.  He  can  be  reached  at 
schrage@media.mit.edu. 
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You’re  the  CIO.  How  are  you  weathering  the  stormt 


EAST  COAST 

April  1 7-20,  New  Orleans,  LA 

WEST  COAST 

September  18-21,  Salt  Lake  City,  UT 

UK  &  IRELAND 

June  7-9,  Dublin,  Ireland 


As  a  CIO,  the  issues  you  encounter  can  seem  torrential. 

Successfully  guiding  your  organization  through  the  storm  requires 
unwavering  leadership  and  thoughtful  planning. 

Gain  the  strategic  advice  and  visionary  knowledge  you  need  to  make  confident,  informed 
decisions  at  Gartner  Midsize  Enterprise  Summit: 

•  Insight  from  leading  Gartner  analysts 

•  The  latest  in  trend  analysis  and  research 

•  Peer  networking 

•  Previews  and  case  studies  of  the  latest  technologies 

•  Actionable  advice  from  thought  leaders 

Don't  miss  this  industry-leading  event  produced  by  Gartner,  the  undisputed  world  leader  in 
technology  research  and  opinion  for  business  success.  Get  the  Answers.  Conquer  the  Storm. 

IT  EXECUTIVES 

To  qualify  as  a  hosted  guest,  complete  the  online  application  at  www.midsizeenterprise.com/cio. 

IT  VENDORS 

For  opportunities  to  present  your  solutions  to  this  executive  audience,  call  877-619-7956,  x493. 

Gartner  ^Midsize  EnterpriseSummit 

enabling  strategic  IT  decision-making 


www.midsizeenterprise.com/cio 
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Thinking  Thin 

How  one  county  government  CIO  got  his  users  to  go  on  a  thin-client  diet  and 
be  happy  that  they  did  by  phil  bertolini 
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Thinking  “thin”  is  something  many  people  in  Amer¬ 
ica  struggle  with  every  day.  “Thick”  versus  “thin” 
evokes  images  of  crazy  diets  designed  to  lose  all 
that  extra  baggage.  But  expanding  waistlines  are  a 
lot  like  the  growing  costs  of  new  technology.  Out  of  necessity, 
many  state  and  local  governments  have  been  putting  their  tech¬ 
nology  programs  on  diets  and  are  looking  for  sound,  cost-effec¬ 
tive  solutions  to  drive  down  the  high-calorie  counts  found  in 
hardware,  software  and  support  services. 

Our  story  is  no  different. 

Over  the  years,  beginning  in  the  ’90s,  Oakland  County,  Mich., 
purchased  the  PCs  necessary  to  keep  up  with  expanding  new 
technologies.  In  total,  we  purchased  about  3,600.  By  2002  our 
’equipment  was  aging  fast,  and  the  first  900  PCs  we  bought  were 
past  the  end  of  their  useful  lives.  Meanwhile,  Microsoft  was  chang¬ 
ing  operating  systems  faster  than  we  could  keep  apace  with,  and 
bur  users  were  impatient  for  the  latest  technology.  At  the  same 
time,  our  budgets  were  being  squeezed  by  revenue  shortfalls. 

We  considered  migrating  from  Windows  NT  to  Windows 
XP.  However,  we  soon  realized  that  we  couldn’t  afford  the  addi¬ 
tional  millions  of  dollars  required  to  buy  new  PCs. 

At  that  point,  L.  Brooks  Patterson,  our  county  executive, 
charged  us  with  the  daunting  task  of  finding  the  most  cost- 
effective  method  for  replacing  our  desktop  PCs  ASAP.  We  des¬ 
perately  needed  a  solution. 

That’s  when  we  discovered  “thin  client.” 

The  thin-client  approach  piqued  our  interest  because  it  offered 
lower-cost  desktop  hardware.  Computing  power  would  be  man¬ 
aged  at  the  server  level  rather  than  on  every  individual  PC, 
thereby  driving  down  the  cost  of  thousands  of  desktop  units. 
And  it  provided  for  a  much  easier  approach  to  supporting  new 
operating  platforms,  because  maintenance  could  occur  at  the 
server  level  rather  than  having  to  physically  visit  every  desktop. 


ILLUSTRATION  BY  GARY  NEILL 


ODE  TO 

THE  FEARLESS. 


We  live  in  an  age  where  fearless  thinkers  are  transforming  the  way  we  live,  work  and 
play.  Organizations  are  realizing  that  the  true  power  of  their  information  is  unleashed 
only  when  it  is  readily  available,  not  safely  locked  away.  Business  leaders  are  learning 
that  success  comes  from  letting  their  people  do  what  they  do  best— wherever,  whenever 
and  however.  That  having  to  choose  between  protecting  information  and  making  it 
available  is  a  choice  from  the  past.  That  real  security  is  an  open  door,  not  a  closed  one. 
That  when  information  has  no  limits,  followers  become  leaders  and  leaders  become 
pioneers.  This  is  the  new  world.  And  in  this  world,  the  ones  who  are  fearless  are  the 
ones  who  will  lead. 


www.information-integrity.com/ode 
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Some  of  our  staff  jokingly  referred  to  the  project  as  the  new 
“mainframe.”  The  differences,  however,  are  profound. 

The  mainframe  world  utilized  “dumb”  terminals,  in  which 
the  applications  were  very  production-oriented,  and  the  data 
was  very  difficult  to  manipulate.  The  thin-client  model  uses  ter¬ 
minal  technology  as  well,  but  provides  the  end  user  with  the 
same  functionality  as  that  of  a  standard  PC.  Many  of  our 
employees  use  their  computers  to  perform  basically  the  same 
tasks  over  and  over  again,  almost  always  working  from  the 
office  rather  than  from  home  or  on  a  laptop.  This  server-based 
processing  system  was  ideal  for  a  majority  of  our  existing  PC 
users  who  were  only  using  standard  Microsoft  Office  prod¬ 
ucts  rather  than  graphics  or  other  specialized  programs. 

One  of  our  main  concerns  was 
how  users  would  react  to  thin- 
client  technology. 

We  discovered  that  the  benefits  of  moving  to  a  thin-client 
environment  were  numerous.  The  savings  from  moving 
285  users  to  thin  client  rather  than  replacing  their  old  PCs 
amounted  to  $744,000  in  phase  1.  And  the  first  year  of  the 
phase  2  implementation  (an  additional  540  users)  would  save 
the  county  another  $1.4  million. 

These  savings  manifest  themselves  through  hardware  savings, 
streamlined  support  time  and  more  cost-effective  software  license 
management.  Software  licensing  can  be  better  maintained  in  a 
thin-client  environment  because  all  software  is  loaded  onto  a  cen¬ 
tral  server  and  not  on  the  local  PC.  Another  major  benefit  of  thin 
client  is  in  the  area  of  disaster  recovery.  In  the  thin-client  environ¬ 
ment,  users’  files  are  stored  on  the  servers  with  nightly  backups. 

Converting  Users 

One  of  our  main  concerns  was  how  users  would  react  to  this 
change.  So  my  team  took  the  initiative  of  organizing  orienta¬ 
tion  sessions  for  key  individuals  from  various  departments. 

The  feedback  was  exactly  what  we  expected.  There  was  concern 
that  with  thin-client  technology,  the  department  of  information 
technology  would  be  “looking  in”  on  their  files.  Employees  didn’t 
realize  this  kind  of  transparency  already  existed.  We  were  able  to 
alleviate  most  users’  concerns  prior  to  implementation  by  giving 
them  a  quick  start  guide  and  outlining  all  the  differences  (or  lack 
of  differences)  between  their  current  environment  and  the  new 
thin-client  environment.  We  also  provided  one-on-one,  hands-on 
training  immediately  after  the  installations. 

To  alleviate  concerns  about  privacy,  users  were  provided 
with  secure  network  space  specifically  for  their  own  files ,  which 
could  only  be  accessed  through  their  user  name  and  password. 
And  as  long  as  they  didn’t  share  their  password,  their  data 
would  be  secure  (via  the  network  operating  system).  They  would 
also  have  portable  USB  flash  drives  that  would  function  like 


their  old  diskettes.  These  features  seemed  to  satisfy  most  of  our 
end  users. 

The  original  plan  had  been  to  replace  old  PCs  with  new  ter¬ 
minals.  But  we  soon  found  that  we  could  strip  down  old  PC  tow¬ 
ers  and  convert  them  to  thin-client  terminals,  thereby  extending 
the  life  of  the  PCs  and  delaying  additional  capital  expenditures 
in  the  first  phase. 

We  did  replace  old  monitors  and  keyboards  with  flat-screen 
monitors  and  new  keyboards.  These  were  a  key  selling  point, 
as  users  realized  an  immediate  space  savings  on  the  desktop  and 
a  much  “cooler”  monitor  overall. 

While  all  this  was  going  on,  the  IT  department  also 
upgraded  the  county’s  local  area  network  to  gigabyte  strength 
so  that  users  would  benefit  from  both  newer  technology  and 
faster  applications.  In  fact,  our  greatest  challenge  in  imple¬ 
menting  thin  client  was  to  ensure  that  the  network  operating 
system  could  handle  the  increased  needs  for  centralized  com¬ 
puting  power.  During  the  initial  rollout  to  some  users,  we 
found  the  speed  of  our  existing  communications  network  to  be 
too  slow,  and  it  was  causing  keyboard  response  delays.  So  we 
made  sure  that  all  of  the  users  being  converted  to  thin  clients 
were  included  in  the  first  phase  of  the  network  upgrade  so 
they  could  derive  immediate  benefits. 

The  reception  to  thin  client  proved  better  than  expected. 
One  of  the  initial  users  was  County  Prosecutor  David  Gorcyea, 
who  said  he  is  delighted  with  his  new  thin  client.  “The  software 
applications  perform  faster  and  are  much  simpler  to  access, 
making  it  easy  to  switch  between  programs,”  he  said. 

The  second  phase  will  include  a  hybrid  model  that  consists  of 
a  combination  of  thin-  and  thick-client  technologies,  because  we 
found  some  users  still  needed  computing  power  only  found  in  a 
thick-client  PC.  The  Hybrid  Client  is  a  workstation  that  uses  the 
thin-client  suite  of  applications  (Microsoft  Office)  already  available 
on  the  central  thin-client  server  farm.  But  in  addition,  the  Hybrid 
Client  can  run  applications  dependent  on  older  client-server  appli¬ 
cations.  So  while  a  user  may  be  running  Microsoft  Office  pro¬ 
grams  and  storing  files  on  the  thin-client  server,  they  may  be 
running  a  geographic  information  system  (GIS)  application  on 
the  computer’s  internal  processor. 

Overall,  our  goal  is  to  create  as  many  thin-client  users  as 
possible  out  of  about  3,600  total  users.  As  we  move  forward 
with  the  second  phase,  we  remain  optimistic  that  the  invest¬ 
ment  will  be  well  worth  our  efforts.  So  far,  the  case  has  been 
made  that  our  thin-client  diet  is  truly  helping  us  become  more 
agile  and  efficient.  BE] 


Phil  Bertolini  is  the  CIO  for  Oakland  County,  Mich.  His 
office  provides  strategic  planning,  development  and 
support  services  for  more  than  60  county  departments, 
61  local  communities  and  200  public  safety  agencies  in 
Michigan.  E-mail  him  at  bertolinip@co.oakland.mi.us. 
Please  send  feedback  to  letters@cio.com. 
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Advertisement 


Working-At-Home  Walter 


Who  can  blame  Working-At-Home  Walter  for  feeling  a  bit 
smug  as  he  tunes  his  radio  to  the  morning  traffic  report? 
He’s  not  stuck  in  that  freeway  mess  caused  by  the 
overturned  lobster  truck.  He  hasn’t  even  shaved, 
W  and  may  well  not  until  dinner.  Working-At-Home 
Walter  has  swapped  his  wingtips  for  fuzzy  slippers,  but 
still  manages  to  stay  highly  productive— not  to  mention 
better  fed  than  his  in-office  compatriots.  As  Working- 
At-Home  Walter  says,  it’s  all  a  matter  of  having  the 
right  technology  to  make  a  home  a  castle  of  productivity. 


Do  you  feel  you  are  really  as  productive  at  home  as  you  used 
to  be  in  the  office? 

Actually  no.  I’m  more  productive!  It  took  me  a  while  to  realize 
that  all  those  water  cooler  conversations,  nosh  breaks,  meetings 
that  always  seem  to  run  longer  than  they  need  to,  and  other  office 
antics  didn’t  help  my  productivity  one  iota.  At  home,  I’m  totally 
focused.  I  have  more  flexibility,  too.  If  I  have  to  stop  work  at  4:30  to 
start  dinner— I’m  a  great  cook  you  know— I’ll  go  back  to  work  at  7 
to  finish  up. 


How  has  your  boss  reacted  to  your  working  at  home 
so  much? 

My  boss  and  the  rest  of  the  brass  believe  that  happy  workers  are 
productive  workers.  Mobile  technology  from  Nokia  has  helped  me 
balance  my  home  and  work  life.  I’m  very  highly  motivated  to  be  as 
productive  here  as  I’d  be  in  the  office,  maybe  even  more  so,  because 
working  at  home  gives  me  that  balance  I  need. 


About  the  Interviewer 

mA 

■  y\ 

I  Bill  Laberis  was  editor  in  chief  of 

Computerworld  for  ten  years  (1986-1996). 
He  is  president  of  Bill  Laberis  Associates,  a  cus¬ 
tom  publishing  and  content  company 
(www.laberis.com).  His  columns,  Webcasts, 
supplements  and  magazines  are  well-known  and 
respected  throughout  the  high-tech  industry. 


sofa  jockeys  like  me  has  been  no  problem.  Excuse  me  a  second.  Gotta 
take  a  call  from  one  of  my  kids  at  soccer  practice. 

So  what’s  the  secret? 

In  a  word,  Nokia.  Only  it’s  no  secret  because  the  company  is  world 
renowned  for  helping  guys  like  me  commute  less,  connect  with 
coworkers  from  the  comfort  of  my  patio  lounge  chair,  and  work  in  my 
pj’s.  My  mom  got  me  these,  so  no  laughing,  OK? 

What  are  the  most  important  technologies  for  your 
work-at-home  success? 

My  laptop  is  numero  uno  with  me,  but  only  if  I  can  have 
confidence  that  the  connection  I  have  back  to  corporate  is  secure, 
given  the  info  I  need.  Mobile  email  is  my  killer  application  so  it  has  got 
to  be  working  24/7. 

Why  is  security  so  important  to  you? 

Don’t  let  the  slippers  and  pajamas  fool  you.  I’ve  got  an  important 
major  accounts  job.  I  need  access  to  business-critical  information 
intended  for  very  few  eyes.  That  access  has  to  be  as  secure  as  the 
gold  at  Fort  Knox.  So  we  use  Nokia  Secure  Access  System.  I’m  no 
computer  whiz,  but  I’m  told  this  system  leverages  something  called 
SSL  technology  running  on  Nokia’s  IP  Security  Platforms.  Look,  the 
bottom  line  is  this:  Instead  of  worrying  if  my  data  is  safe,  I  get 
anytime,  anywhere  access  to  email,  the  corporate  intranet,  manage¬ 
ment  portals,  and  just  about  any  data  I  need— instantly  and  in  real 
time.  It’s  way  cool! 

What  other  mobile  technologies  work  for  you? 

I  love  my  Nokia  6820.  It  gives  me  quick  and  reliable  access  to  the 
data  I  need  and  the  people  I  want  to  contact.  It’s  got  a  great  color 
screen  for  my  tired  eyes.  The  quality  of  the  speakerphone  for  confer¬ 
ence  calling  is  outstanding.  Depending  on  my  mood  and  needs,  I  also 
use  my  smartphone  based  on  the  Nokia  Series  60  software 
platform.  It’s  unbeatable  for  voice  and  data  connections,  whether  for 
email  on-the-fly  or  just  messing  around  on  the  Internet. 


And  the  IT  people,  what  do  they  think  of  your  working 
remotely? 

My  buddy  Joe  in  IT  says  it  doesn’t  matter  to  him  and  his  crew 
where  I  work.  Nokia  helped  the  IT  department  apply  best  IT  practices 
to  all  the  mobile  gear  they  support,  so  extending  key  applications  to 


You  are  in  great  shape.  How  do  you  stay  away  from  the 
refrigerator  during  the  day? 

Working  at  home  takes  some  discipline.  I  ration  myself  two  trips  to 
the  kitchen  for  snacks  a  day,  just  like  a  regular  office  break.  And  once 
in  a  while  I  ask  my  wife,  “Honey,  do  I  look  fat?”  Let’s  just  say  I  married 
an  honest  woman. 


Learn  how  to  mobilize  your  team  and  increase  business  productivity. 
Download  “The  Anytime,  Anyplace  World”  white  paper. 

nokiaforbusiness.com 
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_ _ _  headquartered— on  the  Midwest’s 

grassy  plains  or  in  the  South’s  sweltering  cities— you  have  to  deal 
with  the  new  tide  of  legislation  swelling  out  of  the  Golden  State 


Why  California  leads 
the  nation  in  protecting 
consumer  privacy 

How  these  laws  affect 
companies  in  every  state 

How  to  comply  while 
minimizing  impact  to 
your  bottom  line 


Cover  Story  |  Privacy 


and  lawsuits.  The  California  state  legislature  has  already  enacted  more 
than  a  dozen  laws  that  regulate  how  businesses,  universities  and  other 
organizations  that  collect  personal  information  on  California  resi¬ 
dents  must  manage  private  data. 

And  that’s  just  the  beginning.  California  legislators  are  prepared  to 
introduce  more  privacy  bills  when  the  state  legislature  convenes  this 
month,  including,  among  other  things,  bills  to  regulate  the  use  of  radio 
frequency  identification  (RFID)  and  how  companies  outsource  data. 
Even  Congress  is  getting  in  on  the  act.  It  is  considering  in  committee 
a  bill  that  mirrors  the  California  law  about  notifying  customers  when 
a  security  breach  occurs.  And  states  are  beginning  to  consider  pri¬ 
vacy  bills  that  restrict  outsourcing  operations  that  involve  personal 
information. 

“You  are  going  to  continue  to  see  more  legislation,  and  particularly 
more  legislation  out  of  California,”  warns  Peggy  Eisenhauer,  counsel 
head  of  the  privacy  and  information  management  practice  for  the 
Atlanta  law  firm  Hunton  &  Williams. 

Like  a  large  hurricane  sweeping  in  off  the  Pacific,  these  laws  will 
wreak  havoc  on  all  kinds  of  business  processes,  including  how  web¬ 
sites  can  collect  personal  data  and  the  management  of  databases  that 
store  personal  information  on  customers.  They  will  influence  how 
companies  share  personal  data  with  third  parties  and  restrict  their 
ability  to  contact  consumers  via  cell  phones  and  faxes.  State  law¬ 
makers  are  also  considering  laws  that  could  affect  how  your  com¬ 


pany  outsources  services  that  handle  personal  information.  And  keep 
in  mind:  Any  company  that  sells  a  product  or  service  to  a  California 
resident,  even  if  the  company  is  based  outside  the  state,  may  be 
affected.  Just  having  a  website  that  a  California  resident  visits— and 
one  out  of  10  Americans  lives  in  California— can  put  you  under  the 
jurisdiction  of  these  laws. 

Although  there  is  no  record  yet  of  any  company  being  sued  over 
these  laws,  it’s  just  a  matter  of  time.  “You’re  going  to  see  increasing  lit¬ 
igation  for  security  breaches,  especially  when  the  result  is  identity 
theft  or  financial  losses,”  says  Behnam  Dayanim,  a  privacy  attorney 
with  the  international  law  firm  of  Paul,  Hastings,  Janofsky  &  Walker. 

So  what  can  CIOs  do?  You  may  not  be  able  to  divert  this  threaten¬ 
ing  tidal  wave,  but  you  can  be  pi'epared  for  it.  To  reduce  your  com¬ 
pany’s  vulnerability,  educate  yourself  about  the  legislation  so  that  you 
can  talk  intelligently  with  your  corporate  counsel  and  CEO.  And  you 
can  insulate  yourself  from  some  of  the  laws  altogether  by  using  encryp¬ 
tion.  You  can  also  adhere  to  best  practices  discovered  by  CIOs  who  have 
run  afoul  of  some  of  these  laws  and  learned  from  the  experience.  Such 


practices  include  communicating  with  the  public  on  what  information 
you  collect,  and  following  that  up  with  clear,  honest  answers  to  ques¬ 
tions  from  customers  and  the  media  in  the  event  of  an  information  leak. 

And  just  think:  Complying  with  these  laws  could  actually  end  up 
being  good  for  your  business.  Frank  Giannantonio,  senior  vice  presi¬ 
dent  and  CIO  for  Lands’  End,  believes  this  has  occurred  at  his  com¬ 
pany.  “These  laws  are  not  constraining  our  ability  to  do  business,”  he 
says.  “It’s  to  the  benefit  of  our  customers.” 

Privacy  and  Paranoia  in  the  Golden  State 

What  are  the  forces  that  have  led  California  to  drive  such  a  large  leg¬ 
islative  stake  in  the  privacy  ground?  The  answer:  Californians  worry 
about  rising  rates  of  identity  theft  and  fraud,  and  they  fear  that  cor¬ 
porations  will  use  their  personal  information  to  inundate  them  with 
marketing  campaigns. 

Sen.  Debra  Bowen  (D-Calif.),  author  and  sponsor  of  many  of  the 
state’s  privacy  laws,  notes  that  an  estimated  10  million  Americans 
experienced  some  sort  of  identity  theft  within  the  past  year,  leading  to 
credit  card  and  bank  fraud.  In  a  recent  report,  the  Aberdeen  Group 
concluded  that  by  2005,  identity  theft  losses  could  reach  $2  trillion 
worldwide.  The  rise  in  identity  theft  has  made  consumers  increas¬ 
ingly  skeptical  of  corporate  efforts  to  collect  personal  data.  In  fact, 
many  Americans  believe  strengthening  privacy  safeguards  should  be 
the  government’s  number-one  priority,  according  to  a  study  conducted 
this  year  by  the  market  research  firm  Yankelovich. 

California’s  state  legislature  has  responded  to  the  height¬ 
ened  public  concern  by  passing  a  flood  of  legislation  in  the 
past  two  years.  The  first  law,  SB  168,  was  a  Bowen-spon¬ 
sored  bill  that  took  effect  in  2002,  preventing  businesses 
from  using  California  residents’  Social  Security  numbers  as 
unique  identifiers,  in  the  hope  that  those  numbers  would  be 
harder  for  criminals  to  obtain.  The  law  also  gives  California 
residents  the  right  to  block  access  to  their  credit  reports. 
“SB  168  really  put  privacy  and  identity  theft  on  the  map  for 
a  lot  of  people,”  Bowen  says. 

Businesses  resisted  SB  168  at  first  because  of  the  costs 
associated  in  changing  identifiers  in  corporate  networks,  but  the  law 
is  now  beginning  to  be  adopted  nationwide.  The  law  pushed  IBM  last 
year  to  require  its  more  than  100  health  insurance  providers  to  stop 
printing  Social  Security  numbers  on  medical  ID  cards,  claims  forms 
and  other  documents  or  risk  losing  Big  Blue’s  business.  The  change 
affected  more  than  540,000  IBM  retirees,  employees  and  their  fami¬ 
lies  in  the  United  States. 

The  legislature  has  since  passed  laws  that  affect  many  other  tech¬ 
nologies  and  industries.  (For  a  comprehensive  list  of  these  laws,  see 
“Guide  to  Privacy  Laws,”  Page  48.)  Even  California  Republicans,  pre¬ 
viously  unsupportive  of  privacy  measures,  have  jumped  onto  the 
bandwagon:  A  Republican-authored  bill  was  signed  into  law  in  Sep¬ 
tember,  requiring  companies  to  remove  the  Social  Security  number 
from  pay  stubs. 

On  the  advice  of  his  CIO,  California  Gov.  Arnold  Schwarzenegger 
recently  vetoed  a  bill  that  would  have  made  it  illegal  to  outsource  Cal¬ 
ifornians’  personal  medical  information  to  companies  based  in  other 
countries  without  first  obtaining  permission  from  the  individuals. 


The  California  privacy  laws  will 

wreak  havoc  on  all  kinds 
of  business  processes, 

including  how  websites  collect 
personal  data  and  the  management 
of  databases  that  store  personal 
information  on  customers. 
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(For  more  on  California’s  influential  CIO,  see  “Reforming  California 
IT,”  www.cio.com/printIinks.)  The  governor  also  vetoed  a  bill  that  would 
have  required  employers  to  notify  California  employees  before  review¬ 
ing  their  e-mail,  monitoring  their  Internet  surfing,  or  tracking  their 
whereabouts  using  techniques  such  as  GPS  in  company  cell  phones 
and  cars.  But  those  bills,  and  others  like  them,  are  expected  to  be  rein¬ 
troduced  this  month. 

“These  laws  are  just  the  beginning,”  says  Mark  Durham,  commu¬ 
nications  director  for  Identity  Theft  911,  which  provides  consulting 
services.  “You  think  Y2K  was  big.  This  is  bigger.” 

Time  to  Rethink  Your  Privacy  Policies 

Many  CIOs  whose  companies  do  business  in  California  may  think 
they  are  in  compliance  with  some  of  these  laws.  But  they  woidcl  be 
wrong.  For  example,  executives  may  assume  they  are  in  compliance 
with  the  law  requiring  a  privacy  notice  on  their  corporate  website 
that  states  clearly  what  personal  information  is  being  gathered  on 
browsers.  However,  as  many  as  80  percent  of  the  privacy  policies  at 
corporate  sites  are  out  of  compliance,  according  to  the  Ponemon 
Institute,  which  conducted  a  survey  of  up  to  500  randomly  selected 
websites.  Half  of  these  noncompliers  violate  the  law  in  a  trivial  way; 
for  example,  the  site  links  to  an  outside  domain  and  the  policy  does 
not  inform  the  user,  says  Larry  Ponemon,  founder  of  the  Ponemon 
Institute  and  a  privacy  expert.  However,  the  other  half  is  out  of  com¬ 
pliance  in  ways  that  could  get  the  company  in  trouble.  For  example, 
some  sites  use  Web  beacons,  or  pixel  tags,  to  identify  visitors’  IP 
addresses  without  obtaining  consent.  Other  sites  use  cookies  stored 
on  browsers’  hard  drives  to  identify  them  without  disclosing  that  fact 
in  the  privacy  policy. 

Keep  in  mind  that  these  laws  can  affect  companies  even  when  there 
is  no  evidence  of  identity  theft.  For  instance,  when  the  computer  net¬ 
work  at  San  Diego  State  University  was  hacked  earlier  this  year,  there 
was  no  evidence  that  the  information  on  the  server  had  been  compro¬ 
mised  or  stolen.  (The  hackers  were  using  the  server’s  large  storage 
capacity  to  store  MP3  music  files  and  later  launched  e-mail  spam  from 
the  server.)  However,  the  first  initials,  last  names  and  Social  Security 
numbers  of  nearly  207,000  students  and  financial  aid  applicants 
(many  of  whom  did  not  attend  the  university)  were  in  a  database  on  the 
server.  To  comply  with  a  state  statute,  university  officials  had  to  quickly 
notify  all  207,000  people  that  their  Social  Security  numbers  may  have 
been  stolen.  The  price  tag:  $200,000.  And  that  doesn’t  include  the 
cost  in  terms  of  bad  PR. 

As  of  August,  the  university’s  IT  department  received  over  1,500 
calls  in  response  to  the  notifications,  many  of  them  from  angry  stu¬ 
dents  and  faculty  members.  “A  lot  of  people  yelled  how  incompetent  I 
was,”  says  Felecia  Vlahos,  the  university’s  information  security  officer, 
who  answered  some  of  the  calls  herself.  Even  so,  she  remains  a  fan  of 
the  law.  “The  California  law  brought  about  exactly  what  it  was  sup¬ 
posed  to  bring  about:  protecting  people’s  identity,”  she  says. 

A  Compliance  Nightmare 

CIOs  from  the  financial  industry  are  even  more  worried  about 
another  law  (SB  1)  that  requires  financial  institutions  to  obtain  per¬ 
mission  from  their  customers  if  they  share  customers’  personal 


Organize  a  senior- 
level  team  that  includes 
you,  the  CEO,  CFO,  COO, 
head  of  HR,  director  of 
marketing,  corporate 
counsel  and  others  who 
meet  regularly  to  discuss 
how  to  best  respond  to 
privacy  laws. 


10  Not-So-Easy  Steps 


Encrypt  data  contain¬ 
ing  names,  credit  card 
numbers,  associated 
PINs,  Social  Security 
numbers  and  driver’s 
license  numbers.  This 
simple  step  will  insulate 
you  from  the  California 
law  requiring  notification 
of  a  security  breach. 

Consider  creating 
separate  databases  for 
customer  names  and 
credit  card  numbers. 

Again,  this  step  could  pre¬ 
vent  you  from  having  to  notify  customers  in  the  event  of 
a  hack  into  either  system. 

Develop  a  detailed  plan  for  how  you’ll  react  to  a  breach 
and  who  will  do  what.  Make  a  list  of  the  managers  who  need 
to  be  involved  in  the  decision-making  process.  Define  with 
vendors  what  their  roles  will  be  and  the  level  of  involvement 
you  expect  from  them.  Try  to  prepare  for  the  unexpected. 

Make  sure  the  corporate  website  is  collecting  only  the 
information  from  visitors  that  your  privacy  policy  says  it  is. 
Most  corporate  websites  are  not  in  sync  with  California  law. 

If  a  security  breach  does  occur,  find  out  as  much 
information  about  the  breach  as  you  can  before  going  to 
top  management.  Good  information  will  be  key  in  deciding 
what  to  do. 


ia 


If  it  is  determined  that  you  must  notify  customers  of  a 
breach,  CIOs  who  have  been  through  the  process  suggest 
that  you  provide  a  few  people  to  answer  phone  calls  from 
customers.  A  soothing  voice  that  offers  honest  and  open 
information  will  go  a  long  way  in  defusing  the  situation.  Also 
post  up-to-date,  credible  and  useful  information  on  a  central 
website. 


Avoid  e-mail  notification  if  you  can.  E-mail  lasts  forever, 
and  could  be  tampered  with  to  look  like  your  organization 
said  something  it  didn't. 

Work  closely  with  law  enforcement.  Hampering  the 
investigation  does  no  one  any  good. 

Think  twice  about  outsourcing  the  work  of  notifying 
customers.  You  are  still  responsible  forthe  content,  how  it  is 
carried  out  and  the  timeliness  of  notification.  -A.H. 
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data  with  a  nonaffiliated  company,  such  as  a  contractor  or  an  IT 
provider.  The  law,  which  went  into  effect  in  July,  is  a  “compliance 
nightmare,”  says  Stephen  Wu,  founder  and  CEO  of  the  InfoSec  Law 
Group  in  Mountain  View,  Calif.  For  example,  if  a  financial  institu¬ 
tion  shares  a  customer’s  personal  data  with  a  third  party,  it  must  fol¬ 
low  strict  and  detailed  rules,  including  instructions  on  margin 
width  (“wide  margins,  ample  line  spacing  and  uses  boldface  or  ital¬ 
ics  for  keywords”),  font  size  (“no  text  in  the  form  is  smaller  than  10- 


point  type”),  number  of  words  per  sentence  (“an  average  of  15  to  20 
words”),  even  what  needs  to  be  on  the  envelope  (“clearly  state  in  16- 
point  boldface  type  “IMPORTANT  PRIVACY  CHOICES’”).  “This  is 
where  California  has  gone  overboard  with  unrealistically  burden¬ 
some  financial  regulations,”  attorney  Dayanim  says. 

The  financial  industry  is  hoping  the  courts  will  view  it  the  same 
way  and  rule  that  a  less  stringent  federal  law  trumps  SB  1.  This 
year,  several  trade  associations,  including  the  American  Bankers 


California  Law 

Federal  Response 

Business  Impact 

SB  168:  Restricts  businesses'  use 
of  Social  Security  numbers  as  public 
identifiers. 

Legislation  regarding  the  use  of  Social 
Security  numbers  has  been  introduced  in 
the  U.S.  Senate  and  House. 

Companies  who  have  California  employ¬ 
ees  or  customers  will  have  to  use  alterna¬ 
tive  identifiers. 

SB  186:  Bans  unsolicited  e-mail  adver¬ 
tising. 

Federal  law  overrides  California  law. 

Allows  unsolicited  e-mail  advertising  as 
long  as  there  is  opt-out  provision. 

Companies  doing  business  in  California 
or  anywhere  in  the  U.S.  can  still  advertise 
as  long  as  they  provide  opt-out  clause. 

AB  2944:  Bans  unsolicited  fax  advertis¬ 
ing  in  California. 

Two  Senate  bills  would  open  loopholes 
by  allowing  unsolicited  faxes  from  busi¬ 
nesses  to  people  who  have  bought  some¬ 
thing  in  past  five  to  seven  years. 

If  federal  bill  passes,  companies  can 
continue  sending  unsolicited  faxes  in 
California. 

AB  1769:  Bans  sending  text  message 
advertising  to  cell  phones  and  pagers. 

Similar  bill  introduced  in  House  in  2003; 
still  in  subcommittee,  effectively  dead. 

Other  states— Colo.,  Wash.,  Pa.— have 
enacted  similar  legislation. 

You  have  to  keep  California  customers  on 
a  separate  database  for  text  advertising. 

SB  1386:  Requires  businesses  to  notify 
customers  when  their  personal  data  is 
exposed  to  a  security  breach. 

Similar  bill  introduced  by  Sen.  Dianne 
Feinstein  (D-Calif.);  in  Senate  committee. 

If  federal  bill  passes,  companies  will  be 
spending  lots  of  money  on  notification. 

SB  1:  Requires  financial  institutions 
to  obtain  permission  from  customers 
before  sharing  personal  information 
with  nonaffiliates. 

Circuit  Court  ruling  on  suit  challenging 
California  law  could  be  issued  early 
next  year. 

If  California  law  stands,  financial  firms 
doing  business  there  must  develop  costly 
protocols  to  obtain  customer  permission. 

AB  1733:  Requires  wireless  carriers  to 
get  permission  to  include  wireless  users’ 
phone  numbers  in  411  directory. 

Similar  Senate  bill  has  reached  the  floor 
and  may  be  voted  on  next  year.  Similar 
House  bill  is  in  committee. 

State  and  federal  laws  will  make  it  diffi¬ 
cult  for  wireless  carriers  to  publish  or  sell 
telephone  directories. 

SB  27:  Requires  businesses  to  tell  cus¬ 
tomers  with  which  third-party  entities 
they  share  personal  data. 

No  federal  response  yet. 

Businesses  must  keep  track  of  what  data 
they  share  with  third  parties  so  they  can 
pass  that  information  along  to  customers. 

SB  1436:  Attempts  to  restrict  software 
that  tracks  keystrokes  and  websites  vis¬ 
ited.  Also  attempts  to  block  installation  of 
software  that  takes  control  of  personal 
computers. 

The  House  passed  similar  legislation 
known  as  the  Spy  Act.  Bill  has  been  sub¬ 
mitted  to  the  Senate. 

Privacy  advocates  say  law,  which  requires 
proving  intent  to  deceive,  may  be  hard  to 
enforce. 

SB  1633:  Prohibits  businesses  from 
obtaining  medical  information  for  direct 
marketing  without  getting  consent. 

Senate  bill  would  make  it  unlawful  to 
transmit  personal  information,  including 
health  data,  to  a  contractor  outside  U.S. 
without  first  informing  customers. 

Businesses  will  have  to  track  how  health¬ 
care  data  is  used  and  distributed  for 
California  residents. 
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Association  and  the  Consumer  Bankers  Association,  sued  the  state 
of  California  over  SB  1,  arguing  that  the  federal  Fair  and  Accurate 
Credit  Transaction  Act  (FACT)  preempted  SB  1.  But  the  district 
court  ruled  FACT  only  pertained  to  consumer  report  information. 
The  associations  have  appealed  to  the  United  States  Courts  for  the 
9th  Circuit.  A  decision  could  be  made  early  next  year. 

To  Notify  or  Not:  That  Is  the  Question 

So  what  to  do?  In  the  political  arena,  corporations  can  lobby  Con¬ 
gress  to  pass  legislation  that  nullifies  extreme  state  laws.  But  given 
public  concerns  about  privacy,  CIOs  should  prepare  now  to  insulate 
themselves  and  their  companies.  First,  assemble  a  senior-level 
team,  which  would  include  first  and  foremost  the  company’s  gen¬ 
eral  counsel,  CEO  and  CFO.  Other  senior-level  executives  could  be 
included  as  well,  such  as  the  head  of  HR,  the  COO  and  the  market¬ 
ing  director.  “If  I  were  talking  to  CIOs,  I  would  tell  them  that  their 
best  friend  has  to  be  the  corporation’s  general 
counsel,”  advises  Eisenhauer.  “The  general  coun¬ 
sel  must  stand  behind  you  to  get  the  proper  funds 
to  secure  these  systems.  They  can  tell  the  CEO  just 
what  is  at  stake.” 

That’s  the  approach  that  Giannantonio  of  Lands’ 

End  used  at  his  firm.  A  team  of  top  executives  reg¬ 
ularly  meets  to  discuss  security  and  privacy  issues. 

In  late  August,  the  team— which  includes  Gian¬ 
nantonio  and  nine  other  top  executives— met  to  discuss  business 
practices.  The  California  law  requiring  businesses  to  notify  cus¬ 
tomers  of  any  information-sharing  arrangements  with  third  par¬ 
ties  was  one  of  the  topics  of  conversation.  The  team  decided  to 
explore  various  compliance  options  such  as  a  dedicated  e-mail 
address  to  deal  with  inquiries  from  California  customers  and  adding 
a  webpage  that  offers  information  on  how  the  retailer  shares  data 
with  third  parties. 

CIOs  can  take  other  steps  as  well.  For  instance,  according  to  one 
California  law,  companies  are  not  required  to  notify  customers  in  the 
event  of  a  security  breach  if  customers’  personal  data  is  encrypted. 
Even  the  weakest  encryption  seems  to  cover  you.  But  watch  out.  If  you 
are  sued  for  not  notifying  customers  when  a  breach  occurs,  a  jury  or 
a  judge  could  rule  that  the  encryption  was  so  absurdly  weak  that  in 
essence  the  company  had  no  encryption. 

Privacy  experts  recommend  segregating  data  that  pertains  to  Cal¬ 
ifornia  residents.  That  way,  CIOs  can  focus  on  that  data  and  avoid  hav¬ 
ing  to  explain  why  they  are  not  notifying  non-California  residents. 
Lands’  End  is  doing  that,  but  with  a  twist.  All  credit  card  information 
is  stored  in  one  file,  and  customer  names  and  addresses  are  stored  in 
another  file— and  all  of  it  is  in  the  process  of  being  encrypted.  If  a 
breach  occurred,  it  would  be  impossible  for  a  hacker  to  link  specific 
names  to  credit  card  numbers.  The  law  requires  a  company  to  notify 
customers  only  if  the  compromised  data 
includes  a  name  linked  to  a  driver’s  license, 
credit  card  or  Social  Security  number. 

If  a  security  breach  does  occur,  and  you  fall 
under  the  disclosure  law’s  purview,  there  are 
some  best  practices  you  can  follow.  First,  pri¬ 


vacy  lawyers  say,  don’t  rush  out  immediately  to  inform  customers 
when  a  database  has  suffered  a  breach.  Although  the  law  requires 
an  ambiguously  termed  “reasonable  time”  to  inform  the  public, 
you  should  first  determine  if  any  data  was  actually  stolen  before 
going  to  the  CEO.  If  you  find  beyond  a  reasonable  doubt  that  no  data 
was  stolen,  you  do  not  have  to  inform  customers.  This  avoids 
unwarranted  alarm  and  the  possibility  of  creating  “warning 
fatigue”— in  others  words,  customers  not  taking  your  notices  seri¬ 
ously.  Publicizing  security  breaches  does  have  a  downside.  Accord¬ 
ing  to  Ponemon,  about  40  percent  of  customers  say  they  would 
leave  a  company  if  one  security  breach  occurs.  With  a  second 
breach,  that  jumps  to  70  percent,  and  a  third  breach  could  cost  a 
company  90  percent  of  its  customers. 

The  most  common  choice  among  corporations  that  have  discov¬ 
ered  a  breach  is  to  do  nothing— not  a  wise  move.  Dayanim  says  that 
inaction  may  keep  the  breach  a  secret,  but  it  opens  the  company  to 

Encryption  is  one  solution  to 
California’s  disclosure  laws. 

Companies  are  not  required  to  notify 
customers  in  the  event  of  a  security 
breach  if  customer  data  is  encrypted. 


a  lawsuit  if  the  breach  is  later  discovered.  And  companies  may  be 
sued  anyway  if  damages  occur.  “It’s  a  ‘rock  and  a  hard  place’  sce¬ 
nario,”  Dayanim  says. 

CIOs  may  want  to  follow  San  Diego  State  University’s  course  of 
action.  Even  though  the  hackers  probably  didn’t  steal  Social  Secu¬ 
rity  numbers  stored  on  the  server,  school  administrators  decided  it 
would  be  best  to  alert  affected  students  and  faculty.  When  you  do 
notify  customers,  being  straightforward  and  honest  with  them  is 
the  best  policy,  says  Vlahos.  Set  up  a  website  with  information 
about  the  breach,  what  to  do  and  whom  to  call  for  more  information, 
and  then  make  sure  you  have  knowledgeable  people  available  to 
answer  customer  questions. 

This  last  point  was  particularly  important  for  David  Ernst,  CIO  for 
the  California  State  University  (CSU)  system.  In  June,  CSU  technicians 
lost  a  hard  drive  that  had  23,500  student  and  faculty  names  on  it  that 
were  associated  with  Social  Security  numbers.  Ernst’s  staff  decided 
that  the  hard  drive,  left  in  the  office  overnight,  most  likely  was  thrown 
out  by  the  cleaning  crew.  Nevertheless,  Ernst  believed  it  was  in  the 
school’s  best  interest  to  notify  the  people  whose  names  and  Social 
Security  numbers  were  on  the  hard  drive.  The  most  helpful  step— and 
“the  biggest  burden”— Ernst  says,  was  having  a  person  available  to 
take  calls,  even  though  the  law  does  not  require  it. 

“This  sends  a  positive  message  that  the  institution  cares  and  is  try¬ 
ing  to  do  all  it  can  to  respond  to  the  event,”  Ernst 
says.  “Most  of  those  who  called  were  apprecia¬ 
tive  that  we  provided  this  option.”  BE] 
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Reader  ROI 

::  How  federal  regulations 
have  rendered  current 
e-mail  software  inadequate 

::  The.four  aspects  of  good 
e- malmanagement:  storage, 
archiving,  indexing  and  policy 
enforcement 

::  How  proper  e-mail 
management  can  boost 
regulatory  compliance 


Sarbanes-Oxley,  HIPAA  and  other 
regulations  have  moved  e-mail 
management  to  the  top  of  CIOs’ 
agendas,  says  Jeffrey  Schwarz, 
the  top  IT  officer  at  law  firm 
McDermott,  Will  &  Emery. 


Eliot  Spitzer  loves  e-mail.  The  lawsuits  filed  by 
New  York’s  crusading  attorney  general  against  brokerages, 
mutual  fund  companies  and  most  recently  the  insurance  indus¬ 
try  have  all  depended  on  incriminating  evidence  in  the  compa¬ 
nies’  own  electronic  communications.  But  while  these  and  other 
notable  cases  in  which  e-mails  played  a  key  role  have  gotten  the 
headlines,  they  are  just  symptoms  of  something  grander. 

E-mail’s  usage  and  scope  is  exploding.  IDC  (a  sister  company 
to  CIO’s  publisher)  forecasts  that  the  average  number  of  e-mails 
sent  each  day  worldwide  will  hit  36.2  billion  in  2006,  and 
Gartner  predicts  the  volume  of  business  e-mail  will  grow  25  per¬ 
cent  to  30  percent  a  year  through  2009.  (Gartner’s  figures 
exclude  spam,  which  currently  accounts  for  around  three- 
fourths  of  inbound  e-mail.)  This  growth  reflects  an  important 
shift  in  how  e-mail  is  employed.  The  Enterprise  Strategy  Group 
(ESG)  reports  that  as  much  as  75  percent  of  most  companies’ 
intellectual  property  is  contained  in  the  messages  and  attach¬ 
ments  they  send  through  their  e-mail  systems. 
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Federal  regulations  require  an 
entirely  new  approach  to  storing 
and  searching  e-mails. 
Noncompliance  is  not  an  option. 
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“E-mail  has  become  the  primary  medium 
for  how  we  communicate,”  says  Jeffrey 
Schwarz,  a  partner  at  McDermott,  Will  & 
Emery.  “Four  years  ago  we  used  paper  and 
FedEx.  Now  almost  everything  is  done  over 
e-mail.”  The  consequence  is  that  e-mail  has 
become  a  de  facto  record  repository,  a  bur¬ 
den  that  e-mail  systems  as  we  know  them 
can  barely  handle.  “We  are  trying  to  make  a 
system  do  something  that  it  wasn’t  designed 
to  do,”  says  Schwarz,  who  is  also  the  top  IT 
officer  for  the  $668  million  firm.  “E-mail 
wasn’t  designed  to  be  a  document  repository. 
It  was  meant  to  be  send,  read,  delete.  But  now 
you  can’t  delete.  There  are  regulations  that 
don’t  let  you  do  that.” 

Many  CIOs  thought  they  had  nailed  e-mail 
systems  in  the  ’90s  and  could  move  on  to 
more  important  things,  but  the  kind  of  search 
required  by  the  new  regulations  is  beyond 
the  capability  of  most  current  e-mail  systems. 
Simply  adding  more  storage  isn’t  nearly 
enough.  Consider  that  over  the  next  seven 
years,  a  company  with  20,000  employees 
will  have  to  save  approximately  4.5  billion 
e-mails,  and  it  must  be  able  to  search  through 
them  all  to  find  messages  relevant  to  a  request 
for  information  in  a  matter  of  days  or  hours. 
“These  new  [regulatory]  obligations  require 
you  not  just  to  save  more  e-mails,  but  to  be 
able  to  access  them  promptly,”  says  Carl  Met¬ 
zger,  a  partner  specializing  in  securities  liti¬ 
gation  at  Testa,  Hurwitz  &  Thibeault.  “CIOs 
who  have  ignored  these  requirements  need  to 
take  their  heads  out  of  the  sand.”  It’s  high 
time  for  all  CIOs  to  reexamine  their  e-mail 


management  systems. 

Federal  regulators  understand  the  role 
e-mail  plays  in  corporate  life  today.  Conse¬ 
quently,  almost  every  new  regulation  man¬ 
dates  that  companies  save  those  messages  for 
years.  For  example,  the  Sarbanes-Oxley  Act 
requires  every  public  company  to  save  every 
record  that  informs  its  audit  process,  e-mails 
included,  for  seven  years.  Different  regula¬ 
tions  target  specific  industries.  Securities  and 
Exchange  Commission  Rule  17a-4,  which 
covers  brokerages,  is  the  most  publicized 
example.  The  Health  Insurance  Portability 
and  Accountability  Act  and  Medicare  both 
require  health-care  companies  to  save  e-mails. 
Pharmaceutical  companies,  telecommuni¬ 
cations  companies  and  government  contrac¬ 
tors  have  to  comply  with  other  e-mail  laws 
and  rules.  (See  “You’ve  Got  Rules,  Page  56.) 

And  the  rules  are  being  enforced.  Until 
recently,  the  SEC  rarely  requested  e-mails, 
so  brokerages  didn’t  take  seriously  the  long¬ 
time  requirement  that  e-mails  be  stored  and 
kept  accessible.  Then  in  December  2002,  the 
SEC  fined  five  brokerages  $8.25  million  for 
failure  to  retain  e-mails.  That  got  the  indus¬ 
try’s  attention.  While  only  a  few  companies 
were  fined,  violations  in  the  industry  were 
widespread,  says  an  e-mail  manager  who 
spoke  with  CIO  about  violations  at  his  com¬ 
pany  in  exchange  for  anonymity.  “I  don’t 
think  the  SEC  had  ever  thought  about  apply¬ 
ing  [the  rules],”  he  says,  and  as  a  result 
nobody  was  prepared  to  comply.  “We  were 
noncompliant  with  the  retention  require¬ 
ment  too.” 


Setting  aside  the  question  of  regulations,  a 
good  e-mail  management  policy  is  a  good 
business  practice.  Qualcomm  Senior  Vice 
President  and  CIO  Norm  Fjeldheim  says  his 
company  saves  every  e-mail  sent  or  received 
to  fend  off  potential  patent  violation  lawsuits. 
Yet  a  2003  study  by  the  Association  for  Infor¬ 
mation  and  Image  Management  and  Kahn 
Consulting  found  that  60  percent  of  compa¬ 
nies  have  no  formal  e-mail  retention  policy. 

Storing  and  searching  messages  on  a  large 
scale  requires  a  new  approach.  This  ap¬ 
proach  has  four  different  but  interrelated 
components:  storage,  archiving,  indexing 
and  policy  enforcement.  For  the  most  part,  it 
is  a  seamless  change  for  users  and  a  straight¬ 
forward  initiative  for  CIOs.  “This  isn’t  rein¬ 
venting  the  wheel,”  says  Vincent  Cottone, 
vice  president  and  director  of  infrastructure 
service  for  mutual  fund  company  Eaton 
Vance.  The  key  to  the  new  e-mail  manage¬ 
ment  is  several  technologies  that  are  coming 
of  age— and  consequently  coming  down  in 
price.  Cheaper  disk  storage  lets  CIOs  store  e- 
mails  in  a  searchable  format,  and  archiving 
and  indexing  software  gives  these  messages 
the  meta-data  that  makes  searching  possi¬ 
ble  on  the  required  scale.  And  it  all  happens 
on  the  back  end. 

WHY  THE  OLD  WAY  DOESN’T  WORK 

Exchange  and  Lotus  Notes,  the  two  domi¬ 
nant  e-mail  platforms  today,  were  not 
designed  with  today’s  e-mail  management 
needs  in  mind.  These  systems  were  made  to 
communicate  messages,  not  to  become  a 
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company’s  primary  document  repository— 
and  certainly  not  to  give  CIOs  control  of  all 
their  companies’  e-mails.  In  fact,  Exchange’s 
personal  folder  storage  system  is  in  a  sense 
the  opposite  of  what  a  compliance-minded 
policy  calls  for,  in  that  it  allows  users  to 
remove  messages  from  the  server  and  store 
them  locally. 

In  the  past,  e-mail  management  was  a 
matter  of  buying  more  servers  and  backing 
up  onto  tape.  But  tape  is  an  insufficient 
medium  in  a  regulated  environment.  First,  it 
breaks.  According  to  Peter  Gerr,  an  analyst  at 
ESG,  only  70  percent  of  companies  have  a 
tape  recovery  rate  greater  than  80  percent. 
Second,  it  takes  too  long.  Qualcomm’s  Fjeld- 
heim  says  the  standard  turnaround  time  to 
find  e-mails  requested  by  his  legal  depart¬ 
ment  on  his  tape  backup  is  three  or  four 
weeks.  That  may  be  acceptable  for  legal  dis¬ 
covery  or  an  internal  investigation,  but  it  will 
get  you  into  trouble  with  regulators.  Bank  of 
America,  for  example,  was  fined  $10  million 
in  March  2004  when  it  failed  to  turn  over  e- 
mails  to  the  SEC  in  a  timely  manner  (cur¬ 
rently  interpreted  as  only  36  to  72  hours). 

Switching  to  disk  storage  technology  is 
part  of  the  answer,  and  it  is  easy  enough  now 
to  buy  disk  storage  instead  of  tape.  Prices 
are  coming  down;  a  terabyte  of  disk  storage 
today  costs  a  sixteenth  of  its  price  in  2001, 
according  to  Gerr.  But  simply  switching 
from  tape  to  disk  doesn’t  solve  the  more  fun¬ 
damental  problem  of  search  and  recovery. 
Gerr  says  that  just  as  with  tape,  e-mails  on 
disk  are  hard  to  search  unless  they  are 


"E-mail  wasn't  designed 
to  be  a  document 
repository.  It  was 
meant  to  be  send, 
read,  delete.  But  now 
you  can't  delete.  There 
are  regulations  that 
don't  let  you  do  that." 

JEFFREY  SCHWARZ, 

McDERMOTT,  WILL  &  EMERY 

indexed.  “Exchange  and  Lotus  don’t  have 
native  tools  to  index  all  the  incoming  and 
outgoing  messages,”  he  says.  For  the  time 
being,  that  capability  needs  to  come  from 
third-party  software  that  can  intercept  e- 
mails  as  soon  as  they  hit  the  mail  server, 
index  them  and  send  them  to  an  archive. 

THE  NEW  METHOD  OF 
E-MAIL  MANAGEMENT 

When  David  Taylor  became  CIO  of  the 
Florida  Department  of  Health  in  March 
2003,  he  started  telling  anyone  who  would 
listen  that  the  organization  had  to  change 
the  way  it  managed  e-mails.  There  were 
17,000  users  who  together  produced  about 
3  terabytes  of  e-mail  a  year.  And  because  of 
Florida’s  Sunshine  Law,  which  lets  any  citi¬ 
zen  obtain  a  copy  of  any  government  docu¬ 
ment,  Taylor  had  to  save  every  single  e-mail. 
The  department  met  the  challenge,  for  the 
most  part,  but  it  was  doing  so  in  an  unde¬ 
pendable  way. 


For  starters,  the  department’s  document 
retention  policy  relied  on  individuals  for 
enforcement.  “Every  employee  had  to 
understand  the  records  requirement,”  Tay¬ 
lor  says,  which  meant  that  employees 
applied  different  interpretations  and  levels 
of  diligence.  “There  is  no  need  to  save  an 
e-mail  that  says,  ‘Hey,  let’s  go  to  lunch.’  But 
it  was  up  to  the  individual  to  make  that  deci¬ 
sion,”  he  says.  One  of  the  most  glaring  prob¬ 
lems  with  this  approach  was  that  users 
tended  to  keep  e-mails  in  their  inboxes, 
which  sometimes  grew  to  20,000  e-mails 
and  4GB  to  5GB.  Trying  to  find  any  single 
e-mail  in  this  setup  placed  a  tremendous 
strain  on  the  e-mail  server.  “A  lot  of  people 
would  feel  it  if  a  person  with  a  4-gig  mailbox 
did  a  sort  by  name,”  says  Taylor. 

Whenever  the  legal  department  needed 
to  retrieve  requested  communications  about 
something  complicated,  such  as  informa¬ 
tion  that  led  to  a  procurement  decision,  the 
system  handicapped  the  department.  “It 
could  be  a  major  fishing  expedition,”  says 
Taylor.  Someone  in  IT  would  have  to  find 
and  restore  the  backup  tapes  and  then 
search  through  all  the  e-mails  to  find  the 
right  ones.  But  sometimes  e-mails  might  get 
inadvertently  deleted  from  users’  inboxes 
before  the  backup  was  performed.  Even  fig¬ 
uring  out  if  they  were  searching  the  right 
tapes  was  a  difficult  matter;  the  burden  fell 
to  the  requester  of  the  e-mails  to  provide 
very  detailed  information,  a  date  range  and 
who  the  senders  or  recipients  were.  There 
was  also  the  question  of  how  many  tapes  to 
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restore.  “We  did  due  diligence,  but  that  was 
all  you  could  do,”  says  Taylor.  “There  was  no 
guarantee  you  could  find  something.” 

To  break  his  dependence  on  the  users,  in 
2003  Taylor  set  up  what  he  refers  to  as  a 
vault.  As  soon  as  an  e-mail  arrives  at  the 
Department  of  Health’s  Exchange  server,  a 
copy  is  automatically  sent  to  the  vault,  which 
is  actually  a  Centera  storage  device  from 
EMC.  The  change  is  seamless  for  users;  they 
still  send  and  receive  e-mails,  and  can  store 
them  anywhere  they  want.  It’s  just  that  the 
department  now  has  a  master  copy  as  well. 

Storing  e-mails  is  just  the  beginning.  A 
comprehensive  approach  to  e-mail  manage¬ 


ment-one  that  will  not  only  meet  regula¬ 
tory  requirements  but  will  also  actively  pre¬ 
vent  violations— includes  indexing  and 
policy  enforcement. 

INDEXING.  Having  an  e-mail  archive  helps 
relieve  the  burden  on  servers,  and  it’s  easier 
to  search  than  tape  backups.  However,  good 
e-mail  management  doesn’t  stop  there.  To 
fully  enjoy  the  benefits  of  an  archive,  CIOs 
need  to  create  an  index  that  captures  key 
information  about  each  e-mail.  In  the  past, 
the  simple  search  tools  that  came  with  an 
e-mail  program  would  suffice;  administra¬ 
tors  could  enter  keywords  and  search  the 
server.  But  McDermott,  Will  &  Emery’s 


The  standard  e-mail  system  places  too 
many  demands  on  and  gives  too  much 
responsibility  to  individual  users,  says 
David  Taylor,  CIO  of  the  Florida  Depart¬ 
ment  of  Health. 

Schwarz  says  the  usefulness  of  that  kind  of 
searching  is  long  past.  “Consider  your  closet. 
That  is  what  e-mail  was  in  1999,”  he  says. 
E-mail  volumes  were  small  enough  that 
searching  for  any  particular  item  was  simply 
a  matter  of  sorting  through  a  few  alterna¬ 
tives.  Nowadays,  says  Schwarz,  a  company’s 
e-mail  is  like  the  inventory  for  Wal-Mart: 
“It’s  too  big  to  go  through  by  hand.  You  need 
to  have  a  logistics  system  to  manage  it.” 

For  this,  CIOs  need  software  that  ana¬ 
lyzes  messages  bound  for  the  archive, 
creates  meta-data  tags  that  identify  the 
sender  and  recipient,  and  performs  a  con¬ 
text-based  analysis  of  the  message.  John 
Hegner,  vice  president  of  technology  serv¬ 
ices  at  Liberty  Medical  Supply,  deployed 
such  a  system  in  July  2004.  His  business 
is  subject  to  HIPAA  requirements  and 
Medicare  audits.  “If  a  customer  complains 
that  something  happened,  we  can  search 
through  e-mails,  based  on  a  name  or  a  num¬ 
ber,  to  see  if  there  is  a  record  of  it,”  says  Heg¬ 
ner.  “Same  if  an  employee  claims  he  never 
got  an  e-mail  from  a  customer  or  a  business 
partner.  We  can  determine  if  that  is  true  or 
not.”  A  search  through  a  terabyte’s  worth  of 
e-mails  takes  just  a  couple  of  minutes.  The 
search  results  return  a  list  of  e-mails  from 
the  indexing  directory.  If  Hegner  wants  to 
check  out  a  particular  e-mail  to  see  if  it’s 
what  he  is  looking  for,  he  simply  clicks  the 
link  to  the  archive. 

POLICY  ENFORCEMENT.  Proper  e-mail  man¬ 
agement  requires  an  early  warning  system 
for  violations.  After  all,  it’s  ridiculous  to  go  to 
the  effort  and  expense  of  indexing  and 
archiving  e-mails  if  you’re  just  making  it  eas¬ 
ier  to  find  incriminating  evidence  after  the 
fact.  One  of  the  benefits  of  reviewing  e-mails 
is  that  inbound  and  outbound  messages  that 
test  positive  for  certain  illegal  terms  or  con¬ 
text  can  be  flagged  and  routed  to  a  compli¬ 
ance  officer  for  review.  To  protect  their 
companies,  CIOs  need  to  be  able  to  stop 
e-mails  that  violate  policies  before  they  go 
out.  “If  something  goes  wrong,  you  don’t 
want  to  have  to  explain  to  your  board  how 
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When  it  comes  time  to  standardize  your  BI, 

do  things  right  the  first  time.  '  C" 

Visit  the  Cognos  Standardization  Resource  Center 

at  Cognos.com/leader  today.  the  next  level  of  performance™ 
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Compliance 


difficult  it  was  to  detect,”  says  Metzger  of 
Testa,  Hurwitz  &  Thibeault. 

After  the  SEC  cracked  down  on  broker¬ 
ages  in  late  2002,  the  unnamed  e-mail 
manager  of  a  large  company  installed  a  mon¬ 
itoring  tool  to  make  sure  that  all  e-mails  sent 
and  received  by  employees  complied  with 
regulatory  requirements.  “We  had  had  com¬ 
munications  policies  [in  place]  for  five  years, 
but  we  could  never  implement  them,”  he 
says.  The  new  policy  tool  searched  for  cer¬ 
tain  words,  terms  or  meanings  in  e-mails 
that  would  trigger  an  alert,  and  then  routed 
the  e-mail  to  a  compliance  officer  who 
needed  to  give  approval  before  the  e-mail 
would  be  sent. 

The  results  were  shocking,  says  the  e- 
mail  manager.  Despite  the  looming  presence 
of  the  SEC,  employees  were  still  sending 
several  hundred  e-mails  a  week  that  vio¬ 
lated  federal  regs.  “The  majority  were  hon¬ 
est  mistakes,”  says  the  manager,  such  as  a 
research  analyst  sending  a  report  to  an  old 
distribution  list  that  included  traders  (in 
contravention  of  the  “Chinese  Wall”  sepa¬ 
ration  of  research  and  trading  functions). 
But  some  of  the  violations  appeared  inten¬ 
tional,  he  says.  With  the  new  e-mail  system, 
the  company’s  compliance  officer  is  able  to 
confront  the  offender  before  it  becomes  a 
criminal  matter. 

HOW  MUCH  E-MAIL  MANAGEMENT 
IS  RIGHT  FOR  YOU? 

Some  organizations— especially  small,  pri¬ 
vate,  unregulated  companies— can  go  with¬ 
out  new  e-mail  management  software,  or  at 

"Regulatory  compliance 
is  not  a  traditional  IT  job. 
But  this  is  big  for  us. 

We  need  to  be  aware  of 
everything/' 

VINCENT  COTTONE,  VP  AND  DIRECTOR 
OF  INFRASTRUCTURE  SERVICE,  EATON  VANCE 

least  can  wait  before  investing.  And  there  are 
benefits  to  waiting;  disk  storage  and  e-mail 
indexing  and  monitoring  software  are  both 
becoming  commodities.  While  setting  up  a 
system  that  can  archive,  index  and  monitor 
costs  between  $5  and  $25  per  user  per  year 
today  (the  exact  cost  depends  on  the  size  of 


YOU'VE  GOT  RULES 

BURGEONING  E-MAILS  LEAD  TO  MULTIPLE  REGULATIONS 

•  THE  SARBANES-OXLEY  ACT  OF  2002 

All  public  companies  are  required  to  save  records  relevant  to  the  audit  process, 
including  e-mails,  for  seven  years.  Some  sections  that  haven’t  taken  effect  yet, 
such  as  the  real-time  disclosure  rule,  will  force  companies  to  monitor  the 
contents  of  e-mail  for  material  events. 


•  SECURITIES  AND  EXCHANGE  COMMISSION  RULE  17A-4 

Stemming  from  the  Securities  Exchange  Act  of  1934,  this  rule  requires 
brokerages  to  save  e-mails  in  an  easily  accessible  place  for  two  years. 


•  THE  HEALTH  INSURANCE  PORTABILITY  AND  ACCOUNTABILITY 
ACT  OF  1996 

Privacy  rules  dictate  what  information  health-care  companies  can  and 
cannot  include  in  e-mails. 


•  MEDICARE 

Health-care  companies  are  required  to  retain  e-mails  that  are  especially 
important  during  audits. 


•  OTHER  LEGISLATION 

The  Can-Spam  Act  of  2003  for  marketers,  the  Tread  Act  of  2000  for  the  automotive 
industry,  the  Gramm-Leach-Bliley  Act  of  1999  and  the  USA  Patriot  Act  of  2001  all 
force  companies  in  many  industries  to  change  the  way  they  manage  e-mail. 


the  company),  those  prices  are  expected  to 
be  substantially  lower  within  two  years,  says 
ESG’s  Gerr. 

Most  U.S.  companies,  however,  are  sub¬ 
ject  to  at  least  one  of  the  myriad  regulations 
that  necessitate  a  new  approach  to  e-mail 
management.  And  while  prices  will  invari¬ 
ably  come  down,  the  risks  of  waiting  are  too 
high.  “Compliance  is  the  catalyst  that  makes 
it  more  urgent,”  says  Schwarz.  “If  HIPAA 
and  Sarbanes-Oxley  and  other  regulations 
hadn’t  come  out,  we  could  have  taken  more 
time  to  address  e-mail  management.” 

And  while  the  price  for  management  sys¬ 
tems  can  run  upwards  of  $500,000,  the 
potential  avoided  cost  for  regulated  compa¬ 
nies  is  worth  it.  A  single  fine  from  the  SEC  or 
another  regulator  can  easily  outstrip  that. 

But  CIOs  looking  for  a  traditional  ROI 
can  probably  find  that  too.  Archiving  e-mails 
onto  searchable  disk  storage  means  you  can 
take  them  off  more  expensive  servers.  And 
while  the  quantity  of  e-mail  that  companies 
need  to  save  is  soaring,  most  archiving  soft¬ 
ware  saves  only  one  copy  of  each  e-mail  and 
corresponding  attachment— whether  it  was 
sent  to  two,  10  or  50  people  in  the  company. 


That  means  the  overall  number  of  e-mails 
being  saved  might  actually  go  down.  Also, 
recovering  e-mails  from  tape  takes  a  long 
time.  And  time,  of  course,  is  money.  In  the 
case  of  a  regulated  industry,  that  time  can 
lead  to  millions  of  dollars  in  fines. 

What’s  more,  the  e-mail  management  crisis 
offers  a  rare  chance  for  the  CIO  to  be  the  hero. 
Eaton  Vance’s  Cottone,  for  example,  brought 
the  issue  to  the  attention  of  his  compliance 
officer.  “[Regulatory  compliance]  is  not  a  tra¬ 
ditional  IT  job,”  he  says.  “But  this  is  big  for 
us.  We  need  to  be  aware  of  everything.”  By 
extending  his  scope,  Cottone  enhanced  his 
standing  and  protected  that  of  his  company. 
“Your  reputation  is  at  stake,”  he  says,  “and 
you  can’t  put  a  price  on  reputation.”  BE] 


Senior  Writer  Ben  Worthen  (bworthen@cio.com) 
covers  public  policy  and  technology. 


More  on  Messaging 


Don’t  think  you’re  done  just  yet.  Once  you  have 
e-mail  under  control,  you’ll  need  to  tackle 
instant  messaging.  Read  attorney  John  Glied- 
man’s  advice  on  dealing  with  the  risk  of  IM  at 

www.cio.com/printlinks. 
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Chamber  Doors 

Access  to  hot  aisle 
locks  for  security 


What  is 
data  center 
on  demand? 


Infrastructure 


DATA  CENTERS  ON  DEMAND 


Order  your  solution  today.  Call  888-289-APCC  x3307. 

Don't  see  the  configuration  you  need? 


Try  APC's  online  InfraStruXure™ BuildOut  Tool 
today  and  receive  3  FREE  APC  white  papers. 

Go  to  http://promo.apc.com  and  enter  key  code  w448y 
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Highly  available  and  manageable, 

quick-to-install,  scalable  architecture 

that  easily  supports  both  standard- 

and  high-density  applications. 

-  Up  to  20kW  a  rack  for  any 
blade  server  application 

-  Unlimited  racks 

-  Ships  in  5  days** 

-  Installs  in  I  day** 

-  Optional  on-site 
power  generation 

-  Raised  floor  not  required 

-  Vendor  neutral  guaranteed 
compatibility 


Legendary  Reliability® 


Now  you  can  quickly  deploy  a 
standard-  or  high-density  site  of  any  size 
with  scalable,  top-tier  availability. 


Part 

Number 

Usable 

IT  Racks 

Average 
kW  per  Rack 

Price 
to  buy 

Price  to  lease 
(36  installments) 

ISXCR1SY16K16P5 

1 

up  to  5kW 

$1 4,999* 

s499 

ISXT240MD6R 

6 

up  to  5kW 

$1 49,999' 

$4,999 

ISXT240MD11R 

11 

up  to  5kW 

s249,999' 

$7,999 

ISXT280MD40R 

40 

up  to  5kW 

$699,999‘ 

S21 ,999 

ISXT2800MD100R 

100 

up  to  5kW 

$1 ,649,999* 

$50,999 

High  Density  Configuration  (shown  aboVe> 

ISXT280HD8R 

8 

up  to  lOkW 

s399,999* 

$1 2,999 

High  density  upgrades  start  at  S1 0,999 
On-site  power  generation  options  start  at  $29,999 


BEST  OF  INTEROP 


All  multi-rack  configurations  feature: 

if  N+ 1  power  and  cooling 
if  Secure,  self-contained  environment 
if  Peak  capacity  of  20kW  per  rack 
if  Enhanced  service  package 
if  Integrated  management  software 


"  Prices  do  not  include  IT  equipment  **  Install  and  delivery  times  may  vary 
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Former  U.S.  Secretary  of  State  Madeleine  Albright  shares  her  secrets  for 
persuading  people  even  tougher  than  Larry  Ellison  to  do  what  you  want 


CIOS  CAN  LEARN  A  LOT  FROM  DIPLOMATS  and  government  leaders, 
both  in  terms  of  negotiating  with  and  influencing  people,  and  in  regard  to 
the  way  information  is  gathered,  filtered  and  shared.  As  U.S.  Secretary  of 
State  and,  before  that,  U.S.  Ambassador  to  the  United  Nations,  Madeleine 
Albright  had  dealings  with  some  of  the  smartest— and  some  of  the  most 
notorious— leaders  on  the  planet.  CIO  Editor  in  Chief  Abbie  Lundberg  and 
Senior  Writer  Meridith  Levinson  spoke  with  Albright  at  the  CIO  |  05  con¬ 
ference  in  Scottsdale,  Ariz.  We  asked  what  she  had  learned  during  her 
years  at  the  apex  of  the  national  information  and  policy  pyramid. 
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CIO:  What’s  the  most  important  thing  to  keep 
in  mind  when  you’re  in  a  critical  negotiation 
with  someone  whose  views  and  agenda  are 
quite  different  from  your  own? 

MADELEINE  ALBRIGHT:  There  are  really 
two  things.  You  have  to  know  what  it  is  you 
want.  You  can’t  go  into  a  negotiation  without 
clarity  about  what  your  objective  is.  The  other 
[critical  piece]  is  almost  the  exact  opposite, 
which  is  trying  to  get  into  the  other  person’s 
shoes.  If  you  don’t  understand  what  they 
have  to  get  out  of  it,  you  can’t  figure  out  what 
steps  they  can  take  to  give  you  what  you  want. 

You’ve  always  done  a  tremendous  amount  of 
research  before  going  into  negotiating  situa¬ 
tions.  How  do  you  operate  when  you  can’t  get 
the  information  you  need? 

Well,  you  really  try  to  avoid  that.  Normally, 
I  would  have  a  lot  of  information  before 
I  went  in.  But  when  you  don’t  have  an 
embassy,  it’s  hard  to  get  the  kind  of  informa¬ 
tion  you  need.  When  I  was  talking  to  Kim 
Jong  II  of  North  Korea,  we  didn’t  have  that 
much  information  about  him.  We  knew  that 


So  how  did  you  approach  Kim  Jong  II  in  that 
first  meeting? 

The  thing  you  learn  is  that  you  have  to  listen. 
I  would  normally  let  the  other  party  talk  first 
and  elicit  things  from  them  with  simple  ques¬ 
tions.  If  you  just  go  in  and  start  talking  first 
and  lay  down  your  position,  you  never  really 
know  where  the  other  person  is  coming  from. 

CIOs  sometimes  have  to  deliver  bad  news  to 
their  bosses  or  boards  of  directors  that  could 
threaten  their  careers.  What’s  the  best  way  to 
deliver  bad  news  effectively? 

If  you  have  a  tough  message  to  deliver,  you 
have  to  deliver  it  straight.  You  have  to  make 
sure  that  the  message,  whatever  it  is,  is  clearly 
received.  Otherwise,  invariably,  somebody 
will  come  back  and  say,  “Well,  that  isn’t  what 
I  got  out  of  what  you  said.”  You  need  to  make 
sure  that  there  is  no  question  about  what  it  is 
you  actually  said. 

How  would  you  do  that? 

For  the  most  part,  you  try  to  get  the  person  in 
subsequent  conversations  to  repeat  what  you 


time.  It’s  part  of  the  preparation  for  a  meeting. 
It  helped  me  find  out  who  was  where,  who 
would  be  my  ally  in  something.  Sometimes 
[the  goal  was  to  get  someone  else]  to  present  an 
idea  that  we  had  so  that  it  wasn’t  the  United 
States  saying  this  in  a  foreign  negotiation. 

You  used  this  approach  in  the  effort  to  replace 
Boutros-Ghali  with  Kofi  Annan  as  Secretary 
General  of  the  United  Nations  by  urging  vari¬ 
ous  African  nations  to  champion  Annan  as  an 
alternative. 

I  call  that  “letting  somebody  else  have  your 
way.”  It’s  a  very  important  thing.  The  other 
thing  that  is  very  important  is  that  you  can’t 
take  credit  for  everything.  You  have  to  let 
somebody  else  get  the  kudos  sometimes,  and 
ultimately  it  gets  back  to  you. 

In  your  book  [Madam  Secretary ],  you  describe 
many  personal  things  you  did  for  people, 
whether  you  were  dealing  with  colleagues  in 
the  U.S.  government  or  foreign  leaders. 

That  may  be  a  girl  thing,  but  I  do  think  that  it 
helps  because  we’re  all  human.  If  you  try  to 


COMMUNICATION, 

INFORMATION  AND 


at  that  stage  (in  2000),  he  had  a  nuclear 
potential.  We  were  concerned  about  his  mis¬ 
sile  technology.  But  our  information  on  him 
was  pretty  sketchy,  and  our  intelligence 
information  basically  said  he  was  crazy.  But 
once  I  talked  to  him  and  once  Kim  Dae-jung, 
the  president  of  South  Korea,  had  talked  to 
him,  it  was  evident  he  wasn’t  crazy.  So  you 
had  to  figure  out  what  was  going  on  in  his 
mind.  That  probably  was  the  hardest  part, 
because  we  don’t  really  have  a  functional 
relationship  with  them. 


said.  Not  by  saying,  “Repeat  to  me  what  I  just 
told  you,”  but  you  go  back  to  the  subject  to  see 
if  they  fully  understood.  If  they  start  acting 
like  the  relationship  still  goes  on  as  it  was 
before,  then  you  know  they  didn’t  understand. 

It  was  standard  practice  for  you  to  have  one- 
on-one  conversations  with  fellow  Cabinet 
members  or  ambassadors  before  important 
meetings.  What’s  the  value  of  conducting 
these  premeeting  meetings? 

You  want  to  do  as  much  as  you  can  ahead  of 


show  some  interest  in  the  person  you’re  talk¬ 
ing  to,  I  think  it  helps  in  the  long  run.  I  have  to 
say  in  all  fairness  that  I  used  to  switch  signals. 
I’d  be  very  nice,  and  then  I’d  let  ’em  have  it. 

You’re  vocal  about  women’s  issues  and  the 
challenges  you  faced  working  in  predomi¬ 
nantly  male  environments.  Some  women 
CIOs  are  reluctant  to  discuss  such  challenges. 
Why  do  you  think  this  is? 

I  actually  think  I  am  too.  I  talk  about  it  now, 
but  I  didn’t  exactly  spend  my  entire  time 
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Interview  Madeleine  Albright 


going  around  saying,  “You’re  not  treating  me 
well  as  a  woman.”  If  you  set  yourself  up  as  a 
victim,  you  become  a  victim.  And  mostly 
operating  in  a  male  world,  you  try  not  to  be 
somebody  who’s  always  got  everybody’s 
teeth  on  edge.  You  want  to  blend  in. 

The  thing  that  made  all  the  difference  for 
me  (and  I  don’t  know  exactly  how  to  say  this) 
is  that  I  was  representing  the  United  States. 
That  was  a  sign  that  the  United  States 
thought  it  was  important  that  women  should 
have  an  important  role.  A  female  CIO  is  just 
one  of  many.  It’s  a  good  idea  to  work  with 
other  women  so  that  you  develop  some  kind 
of  a  support  system.  And  sometimes,  when  a 
situation  is  egregious,  then  you  have  to  step 
out.  But  for  the  most  part,  people  don’t  like 
angry  women,  and  you  don’t  get  ahead  that 
way.  But  you  can’t  be  made  a  victim,  and  you 
can’t  allow  things  to  pass.  It’s  hard.  My  U.N. 
thing  and  what  I  did  as  secretary,  it  made  a 
big  difference  that  I  was  representing  the 
United  States. 

What  role  do  you  see  large  corporations  hav¬ 
ing  on  the  world  stage? 

They  can  play  an  important  role.  Multina¬ 
tional  corporations  can  help  and  be  partners 
rather  than  adversaries  with  countries.  And 
governments  could  be  helpful  to  them  in 
negotiating  trade  and  intellectual  property 
rights  and  the  like.  As  secretary,  I  liked  meet¬ 


ing  with  business  leaders,  because  they  have 
great  information  about  what’s  happening 
on  the  ground.  But  it’s  essential  that  Ameri¬ 
can  corporations  be  good  citizens  wherever 
they  are  in  the  world.  They  have  to  be  seen  as 
adding,  not  exploiting,  in  terms  of  human 
rights,  the  environment  and  other  issues. 

What  are  your  thoughts  about  privacy  rights 
versus  national  security? 

The  question  is:  What’s  a  derogation  of 
human  rights,  and  what’s  just  irritating?  I 


get  wanded  every  time  I  go 
through  an  airport.  That’s 
not  a  derogation  of  rights; 
it’s  just  irritating.  But  I’ve 
run  into  a  lot  of  booksell¬ 
ers  and  librarians,  and 
they’ve  made  me  see  that 
the  Patriot  Act  is  a  misno¬ 
mer.  Tracking  what  people 
read  is  more  a  derogation 
of  rights.  My  students,  for 
example,  who  write  papers 
on  terrorism,  wonder  how 
much  they’re  being  checked 
up  on.  We’ve  swung  in  the 
wrong  direction. 

As  the  chief  architect  of  American  foreign 
policy,  you  were  at  the  apex  of  a  pyramid 
designed  to  sift  through  incredible  amounts 
of  information,  with  a  huge  staff  all  trying  to 
keep  you  as  informed  as  possible  to  make 
good  decisions.  Was  the  system  by  which 
people  delivered  information  to  you  suffi¬ 
cient?  Or  did  you  have  to  go  outside  this 
apparatus  to  get  in  touch  with  reality? 

Every  morning  a  pamphlet  would  come  from 
the  intelligence  and  research  sections  of  the 
State  Department,  and  it  would  have  summa¬ 
rized  all  the  information  that  had  come  in 
overnight  and  put  it  within  a  historical  and 
diplomatic  context.  A  CIA  person  would  come 


and  give  me  the  president’s  daily  brief,  as  well 
as  the  longer  CIA  overnight  book.  Then  there 
would  be  a  variety  of  papers  from  other  intel¬ 
ligence  sources. 

This  information  is  just  product,  and  the 
policy-maker  is  the  consumer.  You  have  to 
triangulate  [among  the  different  sources]. 
And  it’s  up  to  the  consumer  to  pull  the  pieces 
together  and  make  sense  of  it.  This  is  why 
I’m  so  stunned  about  what  happened  over 
in  Iraq.  Everything  I  ever  read  was  couched 
with  all  kinds  of  caveats:  “This  is  from  X 


source  that  we  don’t  know 
about,”  or  “DIA  [Defense 
Intelligence  Agency]  dis¬ 
agrees  with  the  CIA....” 
They  never  said,  “This  is 
what  has  actually  hap¬ 
pened.” 

You  do  need  input  from 
the  outside,  but  it  has  to  be 
presented  in  a  way  that’s 
useful,  not  highly  theoret¬ 
ical.  I  noticed  this  first  in 
the  Carter  administration. 
The  Soviets  had  invaded 
Afghanistan,  and  we 
brought  in  some  high-level 
people  in  the  foreign  policy 
elite.  There  was  a  complete  disconnect  between 
the  experts  and  academics  on  the  outside  and 
the  people  on  the  inside  making  the  decisions. 

And  behind  all  this  are  human  beings. 
Somebody  at  a  lower  level  is  doing  the 
research,  and  it  filters  up.  You  rely  on  the  orig¬ 
inal  person  to  not  make  a  mistake.  As  things 
become  revealed,  you  have  to  question  that. 

I  personally  believed  there  were  WMDs, 
based  on  information  I’d  had  all  along  and 
the  fact  that  inspectors  had  not  accounted 
for  all  the  weapons.  So  by  deduction,  I 
thought  they  were  there. 

Intelligence  communities  are  trying  to  find 
better  ways  to  share  information.  Should 
agencies  be  combined  into  one  superagency? 

We  need  to  get  cooperation  between  the  CIA 
and  FBI.  They  have  been  proprietary  and 
haven’t  shared.  It  is  essential  that  we  share. 
It’s  the  only  way  we  can  deal  with  terror¬ 
ists— by  tracking  money  and  figuring  out 
who  they  are,  where  they’re  going  and  who’s 
in  charge.  But  information  is  just  the  raw 
material.  That’s  why  selecting  the  right  lead¬ 
ers  is  so  important. 

I  think  certain  parts  can  be  combined.  On 
the  other  hand,  I  liked  the  idea  of  having  com¬ 
peting  information.  I  liked  doing  all  the  read¬ 
ing  and  finding  out  who  had  the  better  source. 
There’s  got  to  be  some  way  the  agencies  can 
work  better  together.  If  there  were  a  way  to 
avoid  duplication  and  get  them  to  work  better 
together  toward  getting  the  important  infor¬ 
mation,  and  getting  everything  into  the  system, 
I’d  be  for  it.  How  come  the  FBI  knew  nothing 
on  9/10  and  everything  on  9/12?  K3E1 


kk  If  you  have  a  tough  message  to  deliver,  you  have  to 
deliver  it  straight.  You  have  to  make  sure  that  the  mes¬ 
sage,  whatever  it  is,  is  clearly  received.  Otherwise, 
invariably,  somebody  will  come  back  and  say,  ‘Well, 
_ that  isn’t  what  I  got  out  of  what  you  said.’  I  f _ 
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intelligence  everywhere 


Because  critical  data  could  be  accessed  on  the  spot,  this  didn't  become  an  even 
longer  night. 

By  instantly  accessing  Mission  Critical  information,  such  as  Department  of 
Justice  records,  police  quickly  apprehended  their  suspect  and  prevented  him 
from  completing  the  crime  he  had  planned.  With  intelligent  data  delivered 
directly  into  the  officer's  hands,  decision-making  was  enhanced,  helping  these 
responders  better  anticipate,  prepare  and  prevent. 


Discover  how  a  Motorola  Mission  Critical  solution  can  provide  responders  with 
instant  Mission  Critical  data  for  additional  effectiveness  especially  in  suspicious 
circumstances.  Call  1-800-367-2346  or  visit  www.motorola.com/missioncritical 
and  well  send  you  a  free  copy  of  In  the  Event  of:  The  Guide  to  Mission  Critical 
and  subscribe  to  the  Mission  Critical  Communications  series. 

It's  the  intelligence  you  need  in  an  unpredictable  world. 


Motorola  CommerSBBovernment  Solutions  Sector  is  the  recipient  of  the  2002  Malcolm  Baldrii 
MOTOROLA  and  thestylized  M  Logo  are  registered  in  the  US  Patent  and  Trademark  Office.  € 


U.S.  computer 
makers  such  as 
Dell,  Motorola  and 
HP  are  outsourc¬ 
ing  not  just  the 
manufacture  but 
the  design  of  new 
products  to 
offshore  compa¬ 
nies.  Could  this 
be  the  end  of 
America’s 
innovative  edge  in 
electronics? 


BY 

CHRISTOPHER 

KOCH 


Buy  a  laptop  anywhere  in  the 
world  and  there  is  a  one-in-four 
chance  that  T.J.  Fang  will  process 
the  order.  You’ll  just  never  know  it. 

Fang’s  secret  is  cloaked  in  IT, 
in  servers  that  consolidate  pur¬ 
chase  orders  from  name-brand 
American  companies  such  as 
Dell,  Hewlett-Packard,  Apple  and 
IBM.  The  order  trail  leads  to 
Fang’s  ERP  system  at  Quanta 
Computer  in  Taipei.  Fang,  assis¬ 
tant  vice  president  and  head  of  IT 
operations  at  Quanta,  feeds  those 
orders  to  his  Taiwanese  and  Chi¬ 
nese  suppliers  and  factories,  and 
within  five  days,  Quanta  “drop 
ships”  to  the  customer  a  laptop 
that  the  buyer  himself  configured 
on  the  brand-name  website.  No 
one  at  the  company  selling  the 
laptop  ever  lays  a  finger  on  it. 
Indeed,  investment  bank  Morgan 
Stanley  estimates  that  the  manu¬ 


facturing  for  89  percent  of  American  brand-name  laptops  are  out¬ 
sourced  today.  What’s  more,  many  of  these  famous  computer  brand 
names  don’t  even  design  their  machines  anymore.  New  models  are 
chosen  from  a  shelf  of  fully  functioning  prototypes  offered  up  by  a 
handful  of  Taiwanese  companies.  Quanta’s  ability  to  design  and  build 
new  laptops  from  scratch  has  helped  it  gain  a  25  percent  share  of  all 
laptops  sold  in  the  United  States.  “In  the  past  10  years,  [companies 
such  as  Quanta]  have  gone  from  undercover  stealth  to  a  massive 
global  business,”  says  Adam  Pick,  senior  analyst  for  iSuppli,  a  mar¬ 
ket  intelligence  consultancy. 

Outsourcing  has  reached  the  highest  level  of  the  manufacturing 
supply  chain:  R&D.  By  outsourcing  R&D  offshore,  original  equip¬ 
ment  manufacturers  (OEMs)  can  freeze  a  portion  of  their  R&D  budg¬ 
ets  while  growing  their  product 
offerings.  Even  R&D  powerhouses 
such  as  IBM,  HP  and  Motorola  have 
frozen— or  even  reduced— their 
R&D  budgets  since  2000.  “[Out¬ 
sourcing]  is  a  tremendous  opportu¬ 
nity  for  cost  savings  on  R&D,”  says 
Jack  Faber,  vice  president  of  opera¬ 
tions,  enterprise  systems  for  HP. 

But  there  may  be  a  downside  to 
all  this  R&D  reshuffling.  Some  econ- 


Reader  ROI 

::  Why  the  big  U.S.  com¬ 
puter  makers  are  moving 
their  R&D  overseas 

::  What  this  means  to  their 
ability  to  achieve  the  next 
electronics  breakthrough 

::  How  this  trend  will  affect 
CIOs  and  their  compa¬ 
nies’  supply  chains 
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Outsourcing  R&D 


As  U.S.  companies  increasingly  shift  their  R&D  focus 
from  new  breakthroughs  to  product  refreshes, 

they  will  be  tempted  to  move  that  work  offshore. 


omists  say  the  outsourcing  of  manufactur¬ 
ing— and  now  design— is  the  leading  edge  of 
a  longer-term  trend  toward  reduced  innova¬ 
tion  and  competitiveness  among  U.S.  com¬ 
panies.  As  OEMs  turn  over  the  development 
of  new  products  to  outsourcers,  it  could  have 
a  withering  effect  on  these  companies’  ability 
to  create  the  next  breakthrough,  especially 
as  many  freeze  R&D  spending.  Spending  on 
R&D  by  U.S.  companies  declined  more  in 
2002  (3.9  percent)  than  it  has  since  the 
National  Science  Foundation  began  tracking 
the  number  in  1953. 

Though  the  technology  slump  that  began 
in  2000  may  play  a  big  role  in  these  declin¬ 
ing  R&D  numbers,  there  is  a  larger,  more 
disturbing  trend  at  work,  argues  Gregory 
Tassey,  senior  economist  at  the  National  Insti¬ 
tute  of  Standards  and  Technology  (NIST).  For 
the  past  12  years,  the  proportion  of  R&D 
money  going  toward  new  innovation— the  “R” 
in  R&D— has  also  been  going  down,  displaced 
by  incremental  product  development  (next 
year’s  laptop,  for  example).  Product  develop¬ 
ment— the  “D”  in  R&D— swallows  more 
resources  than  the  “R”  work,  and  it  does  not 
create  new  opportunities  for 
revenue;  it  merely  extends 
current  product  categories. 

Meanwhile,  government 
spending  on  R&D  has  also 
been  dropping  over  the 
same  period.  R&D  spending 
in  the  United  States  now  lags  behind  many 
countries,  including  Japan  and  Germany. 
The  changing  mix  of  R&D  spending  in  the 
United  States  could  have  a  major  impact  on 
U.S.  competitiveness  over  the  long  term, 
Tassey  says.  Governments  around  the  world 
are  pumping  money  into  private-sector  R&D 
to  boost  innovation.  In  contrast,  U.S.  gov¬ 
ernment  spending  on  R&D  is  almost  all 
focused  on  specific  programs— such  as 
space,  defense  and  health— rather  than  free¬ 
form  research. 

“We  have  the  view  in  this  country  that 
private  industry  is  capable  of  making  the 
necessary  investments  in  R&D  to  keep  the 
U.S.  competitive,”  says  Tassey.  “If  that’s  the 
case,  then  every  other  country  in  the  world 
is  wrong.” 

The  U.S.  computer  industry  may  be  a  bell¬ 
wether  for  other  industries  that  have  not  yet 
begun  to  send  product  development  work  to 


outsourcers.  As  U.S.  companies  increasingly 
shift  their  R&D  focus  from  new  break¬ 
throughs  to  product  refreshes,  they  will  be 
tempted  to  move  that  work  offshore,  where 
well-trained  and  well-educated  engineers 
are  available  at  a  fraction  of  the  cost  of  their 
U.S.  counterparts. 

The  trend  is  eerily  similar  to  the  offshore 
outsourcing  of  computer  programming. 
Unemployment  rates  among  both  R&D 
engineers  and  IT  programmers  in  the  United 
States  continue  to  trend  downward,  despite 
the  recent  economic  rebound.  As  more  valu¬ 
able  components  of  the  manufacturing  value 
chain  progressively  move  offshore,  will  the 
ultimate  value  creators— advanced  research 
and  innovation— eventually  move  offshore 
too?  How  long  can  U.S.  companies  continue 
to  innovate  when  they  no  longer  manufac¬ 
ture  or  update  products?  What  will  be  left 
behind?  Marketing? 


For  CIOs  in  electronics  and  other  indus¬ 
tries,  the  shift  toward  global  manufacturing 
and  R&D  means  big  changes  in  the  supply 
chain.  Companies  that  outsource  R&D  or 
split  it  among  different  locations  or  suppliers 
will  need  IT  linkages  to  enable  better  collab¬ 
oration  among  engineers.  And  as  companies 
outsource  other  pieces  of  the  supply  chain 
(customer  service,  shipping,  and  warranty 
and  repair,  for  example),  CIOs  will  need  to 
replace  direct  oversight  of  processes  with 
automated  monitoring  and  reporting  to 
ensure  that  suppliers  are  meeting  quality 
metrics  and  shipping  on  time. 

Of  course,  if  outsourcing  is  truly  com¬ 
plete— from  design  right  on  down  to  ship¬ 
ping,  service  and  repair— there  is  a  distinct 
possibility  that  companies  could  drastically 
cut  back  on  internal  IT  as  well,  severely 
reducing  the  CIO’s  span  of  influence.  Indeed, 
as  OEMs  turn  more  of  their  supply  chain 
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over  to  offshore  electronic  manufacturing 
services  (EMS)  companies,  they  will  rely 
more  and  more  upon  the  internal  IT  groups 
of  these  organizations  to  monitor  their  sup¬ 
ply  chain  for  them.  “OEM  has  become  a 
misnomer  unless  you  change  the  M  to  mar¬ 
keting,”  says  Kristian  Talvitie,  director  of 
strategic  marketing  and  communications  for 
Plexus,  a  global  EMS  company  based  in  the 
United  States. 

Moving  Up  the  Food  Chain 

In  the  past  15  years,  EMS  companies  here  and 
abroad  have  moved  steadily  up  the  food  chain 
in  large  part  because  the  value  of  the  work  to 
which  they  laid  claim  has  been  driven  down 
by  price  pressure  and  global  competition. 
Indeed,  the  work  that  launched  the  EMS 
industry  in  the  ’80s,  stuffing  components  such 
as  microprocessors  onto  computer  circuit 
boards  for  big-name  computer  manufactur¬ 
ers,  has  ceased  to  be  profitable,  industry  insid¬ 
ers  say.  “Placing  components  on  boards  is 
commoditized.  You  have  to  offer  a  whole  vari¬ 
ety  of  services  to  win  a  new  customer  today,” 
says  John  McManus,  managing  director  and 
senior  analyst  for  Needham  &  Co.,  an  invest¬ 
ment  banking  and  research  company. 

To  survive,  EMS  companies  have  had  to 
continually  take  on  higher-order,  more  com¬ 
plex  pieces  of  the  electronics  supply  chain  to 
keep  their  hollow-cheeked  profit  margins 
(overall  industry  average  is  2  percent  to  5  per¬ 
cent)  from  disappearing  altogether.  Design 
work  typically  has  higher  gross  profit  mar¬ 
gins,  between  8  percent  and  11  percent,  accord¬ 
ing  to  iSuppli’s  Pick.  This  has  led  to  the  growth 
of  upstart  companies  such  as  Quanta  that  spe¬ 
cialize  in  total  design,  manufacturing  and  ship¬ 
ping  solutions  for  customers.  Traditional  EMS 
companies,  accustomed  to  focusing  exclusively 
on  the  manufacturing  portion  of  the  supply 
chain,  are  now  expanding  their  design  serv¬ 
ices  to  compete.  “[EMS  companies]  want  to  get 
more  of  the  value  added  at  the  research  end,” 
Tassey  says.  “Innovation  is  where  you  capture 
the  big  value,  the  new  markets.” 

Quanta,  unlike  its  larger  EMS  competitors, 
does  not  swallow  customers’  old  factories  and 
try  to  squeeze  profits  out  of  them.  Quanta 
emphasizes  design  and  logistics  in  Taiwan 
and  assembles  a  network  of  manufacturers, 
mostly  in  China,  to  build  its  products.  And 
Fang  can  use  lightweight  IT  connections  to 


hook  his  supply  chain  together  and  keep  cus¬ 
tomers  apprised  of  where  their  products  are 
in  the  process.  Fang  has  created  an  Internet 
portal  for  his  network  of  700  small  suppli¬ 
ers.  Each  morning,  suppliers  download  their 
purchase  orders  from  Quanta’s  website  and 
print  out  bar  codes  that  they  slap  on  the  side 
of  the  box  so  that  Quanta  can  quickly  direct 
the  materials  where  they  need  to  go  at  its 
Taipei  logistics  center. 


Here  is  a  list  of  companies  that  out¬ 
source  most,  if  not  all,  of  the  design 
and  manufacturing  of  some  of  their 
products. 


COMPANY 

PRODUCTS 

3Com 

Networking  equipment 

Cisco 

Networking  equipment 

Dell 

PCs,  servers,  laptops, 
PDAs,  printers,  digital 
cameras 

EMC 

Servers 

HP 

PCs,  servers,  laptops, 
printers,  digital 
cameras 

IBM 

PCs,  servers,  laptops 

Linksys 

Networking  equipment 

Motorola 

Cell  phones 

IT  Makes  Outsourcing  Easy 

IT  has  accelerated  the  outsourcing  trend  in 
electronics  because  it  allows  OEMs  to  mon¬ 
itor  the  processes  they  give  up,  such  as 
manufacturing  and  design.  IT  can’t  replace 
a  good  assembly  line  foreman  or  a  chief 
engineer  who  watches  over  things,  but  in 
many  cases,  monitoring  the  process  is 
enough.  For  example,  OEMs  don’t  need  to 
test  each  PC  made  by  an  EMS  before  it  gets 
shipped  if  they  have  set  up  a  testing  process 


at  the  factory  that  is  monitored  by  IT.  The 
OEM  just  has  to  verify,  via  an  IT-based 
reporting  system,  that  PCs  that  didn’t  pass 
the  agreed-upon  test  were  not  shipped. 
Monitoring  reduces  the  number  of  people 
from  the  OEM  needed  onsite  at  the  EMS’s 
factory  and  virtually  eliminates  the  need 
for  the  OEM  to  physically  take  possession 
of  the  products. 

For  big  U.S.  companies  with  diverse 
product  lines  such  as  HP,  it’s  impossible  to 
get  everything  they  need  from  a  single  EMS 
company.  Nor  would  these  companies  want 
to,  for  competitive,  intellectual  property  and 
security  reasons.  But  HP,  for  one,  does  try  to 
limit  the  number  of  EMS  companies  it  deals 
with,  partly  to  shave  costs,  and  also  because 
the  increased  IT  demands  of  monitoring  the 
EMS’s  processes  can  be  quite  expensive  for 
highly  configurable  products  such  as  high- 
end  servers.  “If  we  want  to  create  a  build-to- 
order  process  for  customers  with  an  EMS, 
there  is  a  lot  more  intimacy  required  in  the 
information  we  exchange  with  the  EMS,” 
says  Faber.  More  product  options  means 
more  monitoring  of  the  EMS  company’s 
processes.  “The  information  pipe  will  be  a 
lot  bigger  and  must  be  much  more  respon¬ 
sive  to  changes  than  when  we’re  dealing 
with  a  commodity  product,”  he  says. 

If  an  EMS  can  take  over  the  entire  prod¬ 
uct  process,  from  design  to  manufacturing 
to  shipping  to  customers,  and  OEMs  can 
verify  through  relatively  inexpensive  IT 
controls  that  the  EMS  is  performing  all 
these  processes  up  to  snuff,  it  becomes  a 
much  more  enticing  package  for  OEMs. 
Splitting  up  linked  processes  such  as 
design,  manufacturing  and  shipping  is 
hard;  it  costs  more  and  requires  more  over¬ 
sight  from  the  OEM.  That’s  why  design  is 
becoming  a  deal  maker  (or  breaker)  for  new 
outsourcing  business.  “All  of  the  [EMS] 
companies  realize  they  have  to  get  involved 
in  the  design  effort  at  the  early  stage 
because  that’s  how  the  business  is  won 
today,”  says  Needham’s  McManus. 

With  the  relentless  margin  pressure  that 
exists  in  the  computer  industry  today,  OEMs 
are  quickly  coming  to  the  view  that  there  is 
no  point  in  devoting  a  great  deal  of  R&D 
resources  to  mature  product  categories  that 
change  as  rapidly  as  PCs,  laptops  and  cell 
phones.  R&D  engineers  are  the  most  expen- 
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sive  nonmanagement  employees  these  com¬ 
panies  have.  “The  OEMs  are  building  entirely 
new  product  families  every  few  years.  So  you 
either  keep  building  R&D  capacity  to  do  that, 
or  you  outsource  it,”  says  Chris  Smith,  pres¬ 
ident  and  CEO  of  RiverOne,  a  maker  of  sup¬ 
ply  chain  management  software.  “It’s  driven 
by  the  pace  of  change  in  the  industry.” 

Indeed,  Quanta  is  not  designing  anything 
all  that  original.  The  company  is  unlikely  (at 
least  for  now)  to  invent  the  next  revolution¬ 
ary  new  product  category.  But  it  is  perfectly 
capable  of  designing  and  manufacturing  the 
next  version  of  a  PC,  laptop  or,  in  a  move  up 


the  value  chain,  storage  server  on  its  own. 
“These  companies  started  with  circuit 
boards  and  worked  their  way  up  to  design 
over  the  years.  They’ve  built  up  a  lot  of  trust 
with  the  OEMs,”  says  iSuppli’s  Pick.  These 
companies  aren’t  simply  providing  cheap 
labor,  either.  Pick  says  many  have  instituted 
quality  programs  such  as  Six  Sigma  that 
rival  Western  producers.  Factory  capacity 
utilization  among  EMS  companies  averages 
85  percent  to  90  percent  in  the  Far  East,  ver¬ 
sus  65  percent  worldwide. 

Innovation  Not  Far  Behind 

Quanta’s  Fang  is  careful  to  point  out  that  his 
company  has  no  intention  of  developing  its 
own  brands  and  selling  against  its  cus¬ 
tomers.  But  other  offshore  EMS’s  have 
already  broken  that  taboo.  For  example, 
BenQ,  another  Taiwanese  EMS,  sells  its  own 
brands  of  cell  phones  and  computer  acces¬ 
sories  in  the  Far  East  and  the  United  States. 

Quanta  could  be  forced  to  do  the  same  in 
the  not-too-distant  future.  The  incredible 
growth  of  electronics  outsourcing  has 
masked  a  fundamental  weakness  in  the 
business  model:  Nobody  has  yet  learned 
how  to  make  much  profit  doing  it.  Even 
design  margins  have  begun  to  erode 
recently,  as  EMS  companies  flock  to  the 
model  and  OEMs  push  for  lower  prices.  To 
avoid  a  race  to  the  bottom,  the  industry  is 


going  to  have  to  find  a  way  to  earn  better 
returns.  “I  don’t  think  there’s  anything  stop¬ 
ping  the  outsourcing  push,”  says  Needham’s 
McManus.  “The  issue  is:  Can  you  be  a  suc¬ 
cessful  corporation  with  returns  on  capital 
that  are  no  better  than  15  percent?” 

Indeed,  during  a  recent  conference  call. 
Jure  Sola,  chief  executive  officer  of  Sanmina- 
SCI,  a  large  EMS  company,  told  financial 
analysts,  “There’s  no  way  in  the  world  this 
industry  can  exist  on  the  margins  that  we 
are  delivering  today.” 

Innovation  is  the  route  out  of  low-mar¬ 
gin  manufacturing.  IBM,  Xerox,  AT&T  and 


HP  built  their  R&D  capabilities  with  cash 
from  unique  products  that  commanded  high 
margins— or,  in  the  case  of  AT&T,  from  an 
outright  monopoly.  But  those  companies 
have  a  harder  time  justifying  investments 
in  research  today.  “It’s  difficult  to  make  an 
ROI  argument  for  creating  fundamentally 
new  scientific  knowledge,”  says  Mark  Bern¬ 
stein,  president  and  center  director  of  PARC, 
the  former  Xerox  think  tank  that  was  spun 
out  into  an  independent  subsidiary  in  2002. 
“Faster  product  cycles  and  the  increased 
focus  on  efficiency  and  productivity  have 
made  it  harder  for  companies  to  have  a  long¬ 
term  vision.” 

The  loss  of  manufacturing  and  design 
could  make  it  difficult  for  the  traditional 
R&D  powerhouses  to  innovate  in  the  future. 
“Real  breakthrough  product  development 
usually  requires  manufacturing  and  re¬ 
search  to  be  located  together,”  says  NIST’s 
Tassey.  Supercomputers  and  high-tech 
weapons,  for  example,  required  close  col¬ 
laboration  between  engineers  and  manu¬ 
facturers. 

But  PARC’s  Bernstein  says  R&D  must 
become  more  global  by  necessity.  “The 
breadth  of  research  required  to  master  a 
market  these  days  is  pretty  significant,”  he 
says.  “You’re  going  to  see  a  lot  more  part¬ 
nering”  around  the  globe  to  do  research. 
Besides  outsourcing  manufacturing  and 


design,  many  U.S.  companies  have  opened 
their  own  dedicated  R&D  facilities  in  low- 
cost  countries  such  as  India  and  China. 
Innovation  still  occurs  under  the  banner  of 
a  U.S.  corporation,  but  it  happens  elsewhere, 
employing  lower-cost  engineers.  Though 
U.S.  corporations  will  continue  to  innovate 
under  this  model,  the  United  States  and  its 
pool  of  engineers  will  become  lesser  engines 
of  that  innovation. 

To  some  observers,  this  may  sound  a 
death  knell  for  the  United  States’  current 
lead  in  technology  innovation,  but  HP’s 
Faber  isn’t  overly  worried.  “I  hate  to  sound 
like  a  Republican,”  he  says,  “but 
when  I  first  came  here  20  years  ago, 
we  had  our  own  factories  for  sheet 
metal  and  screws  and  everyone 
thought  we  had  to  keep  them.  As  we 
outsource,  we  just  keep  focusing  on 
higher  value-added  work.”  HP’s 
newer  64-bit  servers  are  examples 
of  products  that  are  largely  conceived  and 
designed  in  the  United  States,  he  says. 

It’s  clear,  however,  that  this  is  a  sensitive 
issue  for  the  traditional  R&D  powerhouses. 
All  but  one  (HP)  declined  to  comment  on  the 
growing  trend  in  outsourcing  the  “D”  in 
R&D.  At  the  same  time,  the  EMS  companies 
we  spoke  to  denied  they  have  any  plans  to 
expand  into  the  “R”  part  of  R&D  or  offer 
their  own  products  for  sale.  Given  their 
dependency  on  brand-name  companies  for 
business,  it’s  unlikely  that  we’ll  see  a 
“Quanta  Labs”  anytime  soon.  But  as  the 
EMS  companies  take  on  more  and  more 
design  work  and  build  up  their  engineering 
groups,  there  is  little  doubt  that  they  will 
eventually  have  the  capability  to  come  up 
with  their  own  ideas. 

Quanta,  for  instance,  has  1,500  design 
engineers  today.  The  plan  is  to  expand  that 
number  to  7,000  in  the  next  couple  of  years. 
Fang  thinks  other  EMS  companies  will  fol¬ 
low  suit.  “The  profits  in  manufacturing 
aren’t  large,”  he  says.  “So  moving  into 
design  is  an  obvious  choice.  It’s  a  natural 
evolution.”  Even  if  Quanta  has  no  plans  to 
sell  its  own  products,  surely  one  of  those 
7,000  engineers  will  have  a  good  idea  up 
his  or  her  sleeve.  HE! 


Executive  Editor  Christopher  Koch  can  be  reached 
at  ckoch@cio.com. 


For  CIOs  in  electronics  and  other 
industries,  the  shift  toward  global 

manufacturing  and  R&D  means 

big  changes  in  the  supply  chain. 
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»  DUANE  BREEDEN,  VP  of  IT  at  Ntelos,  chose 
mentor  training— a  way  of  teaching  programmers  new 
skills  on  the  job— when  his  staff  complained  that 
traditional  classroom  training  wasn’t  working. 
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DO  IT  YOURSELF 
DEVELOPMENT 


With  a  deadline  looming  and  an  IT  department  floundering,  a  midsize 
wireless  telco  provided  its  programmers  with  on-the-job  mentoring 

BY  SUSANNAH  PATTON 


IN  JUNE  OF  2002,  DUANE  BREEDEN  LOOKED  OUT 

from  a  window  at  a  landscape  of  rolling  green  hills  and  realized 
that  he  could  soon  face  a  storm  inside  his  IT  department.  Breeden, 
vice  president  of  IT  at  Ntelos,  a  regional  wireless  and  local  phone 
service  provider  in  Virginia  and  West  Virginia,  needed  to  replace 
the  phone  carrier’s  legacy  systems  with  Web-based  interfaces  in 
time  to  meet  a  November  2003  Federal  Communications  Com¬ 
mission  deadline  for  wireless  number  portability.  The  Web  inter¬ 
faces  would  enable  the  company  to  more  easily  switch  customers’ 
phone  numbers,  but  his  staff  of  legacy  developers  wasn’t 
equipped  to  do  the  upgrade.  A  failure  to  meet  the  November  dead¬ 
line  could  put  the  company  out  of  business. 

Breeden  had  three  choices:  He  could  outsource  the  project,  hire 
consultants  to  do  the  work  onsite  or  train  his  staff  to  do  the  work 
themselves.  Breeden  had  seen  his  share  of  cocky  consultants  para¬ 
chute  in  to  do  a  project,  and  then  leave  without  training  staff  devel¬ 
opers.  He  was  wary  of  outsourcing 
because  he  had  just  spent  two  years 
building  up  his  staff,  and  he  didn’t 
want  to  discourage  them— or  worse, 
lose  them.  So  he  chose  to  train  them. 

With  a  deadline  looming  and 
resources  tight,  Breeden  chose  an 
unorthodox  approach.  He  hired  a 


select  group  of  consultants  not  only  to  train  his  staff,  but  also  to 
mentor  them  and  to  ensure  they  completed  the  project  on  time. 

The  bet  paid  off,  both  for  Ntelos  and  its  IT  staff.  Breeden  met  his 
deadline,  and  today,  most  of  his  software  developers  are  proficient 
in  software  languages  that  run  on  the  .Net  platform.  The  devel¬ 
opers— some  of  whom  are  over  40  and  thought  they  might  never 
learn  new,  more  marketable  skills— say  they  are  more  optimistic 
about  their  futures,  and  more  motivated.  Breeden  says  he  will  use 
this  training  method  again  in  the  future. 

The  dilemma  that  Breeden  faced  in  2002  is  one  that  still  plagues 
IT  departments  of  all  shapes  and  sizes:  how  to  upgrade  the  skills  of 
your  staff  while  moving  abruptly  from  legacy  to  newer  technolo¬ 
gies.  And  providing  time  out  for  training  is  particularly  challeng¬ 
ing  for  midsize  companies  such  as  Ntelos  (which  had  $262.7  million 
in  revenue  in  2002)  that  are  coping  with  tight  budgets  and  staffs 
stretched  to  their  limits.  Ntelos’s  experience  illustrates  how  a  mid¬ 
size  IT  department,  or  any  company  that  wants  to  train  a  few  peo¬ 
ple  at  a  time,  can  benefit  from  a  mentoring  program  that  is  focused 
on  getting  legacy  system  programmers  to  learn  by  doing. 

As  Breeden  can  attest,  it  is  cheaper  to  have  your  own  pro¬ 
grammers  do  the  work  rather  than  bring  in  a  crew  of  consultants. 
Morale  also  gets  a  boost.  At  Ntelos,  there  has  been  no  turnover 
among  the  mentored  employees  after  a  year,  and  productivity 
has  increased.  Phil  Murphy,  an  analyst  at  Forrester  Research 
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Reader  ROI 

::  What  mentor  training 
is  and  how  it  works 

::  Reasons  to  teach  pro¬ 
grammers  new  skills 
while  they  build  new 
systems 


Training 


»  DYNAMIC  DUO:  Kim  Kiser,  an  Ntelos  systems  analyst,  learned  .Net  from  mentors, 
including  Chad  Casselman,  senior  technologist  with  Amentra.  Kiser  was  able  to 
apply  her  skills  immediately  to  help  build  a  new  customer  account  system. 


who  started  his  own  career  as  a  program¬ 
mer  and  has  also  worked  as  a  consultant, 
says  the  method  works  especially  well  for 
programmers  and  developers,  who  require  a 
more  gradual  ramping  up  of  skills  than,  for 
example,  network  engineers,  who  can  more 
easily  acquire  discrete  skills  in  a  class.  Diane 
Morello,  a  Gartner  research  vice  president 
who  specializes  in  workforce  strategies,  says 
that  consulting  companies  are  often  under 
pressure  to  finish  a  project  and  the  trend 
toward  mentoring  is  moving  slowly. 

“If  a  company  wants  to  have  mentoring 
when  they  hire  a  consultant,  they  need  to  be 
explicit  that  they  want  their  staff  to  have 
practical  training,”  Morello  says. 

A  Legacy  of 
Outdated  Skills 

Troubles  with  IT  consultants  at  Ntelos  stretch 
back  for  years.  When  Breeden  arrived  in  Feb¬ 
ruary  of  1999,  there  were  as  many  consult¬ 
ants  onsite  as  employees  at  the  105-year-old 
telecom  company.  At  the  time,  the  company 
had  22  IT  staffers  and  roughly  30  consult¬ 
ants  rushing  to  convert  its  core  billing  sys¬ 
tem  for  Y2K  compliance.  The  IT  staff  was  not 
skilled  enough  to  handle  the  work,  so  the 
consultants  took  up  the  slack.  The  arrange¬ 
ment  left  an  atmosphere  of  animosity.  “Staff 
would  get  upset  because  the  contractors  were 
getting  the  new,  neat  stuff,  and  they  were  get¬ 
ting  old  and  more  cumbersome  work  to  do,” 
Breeden  says. 

He  realized  he  needed  to  rebuild  his  team 
and  rely  less  on  subcontracting,  so  he  set  out 
with  the  director  of  the  applications  devel¬ 
opment  group.  Brad  Kurtz,  to  increase  the 
IT  headcount  to  60  (of  which  25  are  devel¬ 
opers).  With  the  wireless  business  going 
gangbusters  at  the  time,  the  staff  was  work¬ 
ing  furiously  to  add  new  customers  to  Nte- 
los’s  aging  AS400  billing  systems. 

But  the  highly  experienced  group  of 
AS400  developers  were  soon  going  to  need 
to  upgrade  their  skills.  The  FCC  had  man¬ 
dated  that  customers  must  be  able  to  take 
their  phone  numbers  from  carrier  to  carrier. 
Companies  such  as  Ntelos  decided  to  upgrade 
their  customer  account  systems  from  green 
screens  to  a  graphical  user  interface  so  that 
clerks  in  stores  could  easily  walk  customers 
through  a  carrier  change.  The  once  simple 
process  of  selling  a  phone  to  a  customer 


would  now  require  clerks,  as  well  as  call  cen¬ 
ter  reps,  to  run  credit  histories,  to  talk  to  cus¬ 
tomers  about  their  decisions,  and  then  to  set 
up  billing  with  multiple  phone  lines.  The  new 
user  interface  was  dubbed  Wireless  Wizard. 

In  the  early  summer  of 2002,  Breeden  and 
Kurtz  decided  they  would  get  their  staff 
trained  in  Java  programming  in  classroom 
settings.  Several  months  into  the  training, 
however,  they  began  hearing  from  develop¬ 
ers  that  these  traditional  teaching  methods, 
which  included  classes  and  exercises  from 
books,  weren’t  working.  By  the  end  of  the 
year,  the  pair  was  getting  desperate.  Sitting 
on  the  windowsill  of  Kurtz’s  office,  Breeden 
remembered  a  company  called  Amentra  that 
had  been  contacting  him  periodically  for  the 
previous  three  years.  Amentra  had  proposed 
a  mentoring  type  of  training  it  said  would 
enable  staff  developers  to  learn  to  work  on 
the  .Net  platform  and  to  hone  other  needed 
skills  on  the  job.  This  seemed  like  a  way  to 
provide  training  while  at  the  same  time  help¬ 
ing  Ntelos  meet  its  FCC  deadline. 

Project  success,  meanwhile,  became  even 
more  pressing.  Ntelos,  along  with  many 
other  telecom  companies,  had  expanded  too 
quickly  and  filed  for  bankruptcy  in  March 
2003.  (It  emerged  six  months  later.)  Because 


of  the  financial  restructuring,  Breeden  says, 
“We  needed  to  provide  solutions  that  were 
more  efficient  to  produce  with  existing  staff.” 
Breeden  adds,  however,  that  he  would  have 
chosen  the  mentoring  approach  even  if  the 
company  had  not  been  in  financial  trouble. 

Programmers  Learn 
New  Tricks 

In  May  2003,  almost  a  year  after  Breeden 
had  started  his  quest  to  train  his  staff,  two 
trainers  from  Amentra  arrived.  (During  that 
year,  Breeden  and  Kurtz  had  settled  on  .Net 
over  Java  as  a  development  tool  and  final¬ 
ized  a  design  for  the  project).  Kim  Kiser,  a 
systems  analyst  with  21  years  of  experience 
as  an  AS400  programmer,  was  skeptical. 
Kiser  had  bad  memories  from  her  previous 
job,  where  she  had  been  sent  to  classes  to 
learn  Oracle  database  programming.  Upon 
her  return  to  her  cubicle,  she  had  felt  com¬ 
pletely  lost  trying  to  work  on  the  Oracle  soft¬ 
ware.  “I  was  floundering  around  and  there 
was  no  one  around  to  help  me,”  she  says. 

Kiser  made  it  clear  that  she  wanted  to  work 
on  the  Wizard  project  and  to  understand  what 
the  two  consultants  who  would  be  working 
with  her  were  doing.  The  training  started  with 
two  weeks  of  classroom  sessions  to  get  Kiser 
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and  other  developers  up  to  speed  on  .Net  ter¬ 
minology  and  familiar  with  samples  of  the 
code  from  Microsoft.  “It  was  overwhelming 
on  that  first  day,  because  they  were  throwing 
a  whole  new  vocabulary  at  us,”  she  says. 

After  this  introduction,  the  programmers 
returned  to  their  desks.  Kiser  worked  at  first 
one-on-one  with  Chad  Casselman,  a  senior 
technologist  at  Amentra,  and  then  by  herself 
to  start  building  the  .Net  platform  for  the 
Wireless  Wizard.  “The  learning  curve  was 
vertical  but  there  was  always  someone  there 
to  help  us,”  she  says.  Kiser  said  she  was  at 
times  overwhelmed  with  the  volume  of  mate¬ 
rial  she  needed  to  learn,  including  the  struc¬ 
ture  of  .Net  and  C-Sharp  language.  The 
opportunity  to  apply  her  knowledge  imme¬ 
diately  to  a  real  project  ensured  that  she  really 
learned  the  material.  “You  can’t  get  this  from 
just  classroom  training  or  a  book,”  she  says. 

Ntelos  gave  Kiser  and  her  colleagues  a 
PowerPoint  presentation  that  outlined  a 
design  for  building  components  of  the  Wire¬ 
less  Wizard.  To  get  the  project  started,  one  of 
the  Amentra  trainers  designed  a  database  and 
business  process  for  Wireless  Wizard,  and 
Kiser  contributed  to  the  framework  that  holds 
user  profiles.  Kiser  sat  at  her  cubicle  and,  in 
the  beginning,  made  frequent  mistakes.  “The 
folks  from  Amentra  were  always  there  to 
answer  questions,”  she  says.  “They  were 
extremely  patient.”  After  months  of  working 
on  pieces  that  would  eventually  come  together 
as  the  Wizard,  Kiser  finally  feels  like  she  can 
go  it  alone.  One  of  the  Amentra  consultants  is 
still  working  onsite  if  she  has  questions. 

Gartner’s  Morello  says  she  is  not  aware  of 
the  larger  consultancies  that  focus  on  men¬ 
toring  techniques,  although  she  sees  a  grow¬ 
ing  desire  for  it  among  clients.  Companies  are 
also  using  internal  staff  to  mentor  less  expe¬ 
rienced  employees,  she  says.  “Mentoring  is  an 
undervalued  trend,”  Morello  says.  “There  is  a 
core  need  for  knowledge  transfer  after  a  proj¬ 
ect  is  complete.  Companies  need  to  push  for 
this  in  order  to  make  it  happen.” 

Because  it’s  a  new  approach,  Breeden  pro¬ 
ceeded  with  caution.  He  hired  Amentra  ini¬ 
tially  for  a  90-day  engagement.  And  he 
coached  the  Amentra  mentors  about  each  of 
his  developers,  explaining  which  ones  were 
apprehensive  about  learning  something 
new  and  would  need  more  encouragement. 
Because  the  Wireless  Wizard  is  a  modular 


system,  Breeden  and  Kurtz  were  able  to 
monitor  progress  step-by-step,  extending  the 
Amentra  contract  by  two  additional  90-day 
periods  as  they  saw  their  developers  learn¬ 
ing  and  completing  the  project. 

A  Passing  Grade 

Ntelos  developers  started  building  .Net  com¬ 
ponents  for  Wireless  Wizard  in  July  2003, 
and  the  company  began  rolling  out  the  sys¬ 
tem  to  retail  stores  in  October.  By  the  fol¬ 
lowing  month,  the  company  released  a 
refined  version  of  the  Wizard  software  in 
order  to  fully  handle  the  FCC  requirements. 

Breeden  and  Kurtz  stress,  however,  that 
the  process  wasn’t  completely  smooth.  At  one 
point  when  the  deadline  was  approaching, 
they  short-cut  the  training  process  and  had 
Amentra  programmers  do  the  work  to  finish 
up  key  components  of  the  Wireless  Wizard. 
“This  project  could  not  be  100  percent  owned 
by  our  group  if  we  wanted  to  make  that  dead¬ 
line,”  Breeden  says.  By  this  point,  however, 
Kiser  said  the  Amentra  consultants  had  won 
the  goodwill  of  staff  developers  and  had 
become  more  like  colleagues  than  outsiders. 
“There  was  no  resentment  toward  them, 
because  they  were  here  to  help  us,”  Kiser 
says.  “We  knew  the  business,  and  they  knew 
the  software.  We  had  a  working  partnership.” 


for  Mentor 


Ntelos  VP  of  IT  Duane  Breeden 
shares  his  lessons 

»  Start  small: 


Hire  mentoring  consultants 
for  a  short-term  contract,  and  get  results 
from  a  small  project  before  tackling  big 
projects  or  training  needs. 

Make  sure  internal  staff 
continues  to  work  on  core  projects  as 
they  apply  their  new  skills.  Make  it  clear 
to  consultants  that  they’re  around  to 
help,  not  do  all  the  work. 

Don’t  start  the  mentoring 
process  when  a  deadline  is  looming. 

Allow  time  for  staff  to  fail  at  new  tasks. 

Remember  seasoned 
staff  knows  your  business  even  if  they 
lack  technical  skills.  That’s  why  you’re 
training  them.  -S.P. 


Read  the  Report 


Phil  Murphy,  an  analyst  at  Forrester  Research, 
started  his  career  as  a  programmer.  Now,  he’s 
a  fan  of  using  consultants  to  mentor  employ¬ 
ees.  Read  his  report,  "Modernizing  Legacy 
Programmer  Skills,"  at  www.cio.com/analyst. 
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Breeden  and  Kurtz  were  satisfied  that  the 
mentoring  helped  them  meet  the  wireless 
number  portability  deadline.  Although  they 
say  it  is  difficult  to  quantify  financial  savings 
from  the  approach,  they  note  that  they  ended 
up  spending  25  percent  less  on  the  Wireless 
Wizard  than  if  they  had  outsourced  the  proj¬ 
ect  to  an  ASP  that  had  done  Web  interface 
work  for  them  before.  They  stress  that  men¬ 
toring  ensured  that  Ntelos  developers  not 
only  were  able  to  help  build,  but  can  now 
maintain  a  system  for  wireless  sales  that  has 
resulted  in  25,000  to  30,000  fewer  failed 
orders,  greater  accuracy  in  customer  bills 
and  fewer  calls  to  the  customer  care  center. 

Breeden  says  he  credits  his  success  with 
the  mentoring  approach  to  his  staff’s  eager¬ 
ness  to  learn  and  Amentra’s  ability  to  help 
him  make  his  deadline  while  training  Ntelos 
developers.  He  also  says  he  thinks  it  worked 
particularly  well  because  his  group  of  devel¬ 
opers  were  all  at  the  same  level.  In  IT  depart¬ 
ments  that  include  staff  at  many  skill  levels, 
the  mentoring  approach  could  become  more 
difficult.  Also,  if  a  company  faces  an  extremely 
tight  deadline,  there  might  not  be  time  to 
include  training  in  a  project. 

At  Ntelos,  Breeden  and  Kurtz  were  so 
happy  with  the  initial  project  that  they  are 
now  using  the  same  mentoring  training 
method  as  they  create  an  equivalent  Wire- 
line  Wizard  for  the  landline  part  of  their 
business.  So  far,  nine  senior  developers,  two 
recent  hires  and  two  project  leaders  have 
gone  through  the  mentoring  process.  Bree¬ 
den  and  Kurtz  say  they  will  chose  mentoring 
over  classroom  training  in  the  future  if  the 
projects  allow. 

“When  you  send  programmers  off  to 
school,  they  solve  lab  problems,”  Breeden  says. 
“When  you  teach  them  something  new  on  the 
job,  you  solve  real  business  problems.”  HE 


Contact  Senior  Writer  Susannah  Patton  at 
spatton@cio.com. 
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JUST  BECAUSE  THE  SYSTEM  IS  DOWN 
DOESN’T  MEAN  THE  PEOPLE  USING  IT  SHOULD  BE 


Constant,  uninterrupted  access  to  critical  data,  systems  and  people.  Even  when  something  goes  wrong.  That’s  Information  Availability.  And  one  of  the 
best  ways  to  virtually  guarantee  Information  Availability  is  by  running  your  production  systems  out  of  our  facilities.  You  manage  your  applications  and 
data  while  SunGard  Availability  Services  helps  to  ensure  that  the  infrastructure  and  technical  support  you  need  is  always  on.  SunGard  can  offer  a  secure 
and  scalable  environment  at  a  lower  operational  cost  for  production.  Plus  we  have  over  60  state-of-the-art  hardened  facilities  with  network, 
power  and  equipment  redundancies  that  are  unparalleled.  For  a  free  copy  of  the  IDC  White  Cl  A  DFV  I  Keeping  People 

|  and  Information 
Connected 


Availability  Services 


Paper:  “Ensuring  Information  Availability”  visit  www.availability.sungard.com/idcwp 
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Tiny  technologies 
don’t  take  up  much 
space,  but  they  can 
offer  payback  that 
belies  their  size 


Smal  I  Wonders 

BY  ALICE  DRAGOON 

I 

TECHROI  |  In  the  land  of  the  free  and  the  home  of  supersizing,  we’ve  all  been  trained  to 
think  bigger  is  better.  But  just  as  good  things  can  come  in  small  packages,  big  ROIs  can  be  had 
from  tiny  technology. 

Here  are  three  (relatively)  pint-sized  technologies  that  have  the  potential  to  pack  a  pow¬ 
erful  ROI  punch. 


1.  Wearable  PCs 

For  some  travelers  staying  at  Hilton’s  Waldorf-Astoria  in  New  York  City,  part  of  the  fun  is 
traipsing  through  the  hotel’s  opulent  art  deco  lobby  to  check  in  at  the  ornate  front  desk.  But 
many  road-weary  business  executives  would  just  as  soon  skip  the  grandeur  (and  the  wait) 
and  head  straight  to  their  rooms.  To  allow  them  to  do  just  that,  guest  service  agents  (GSAs) 
with  wireless  tablet  PCs  and  small,  wearable  printers  can  bring  the  front  desk  to  guests.  GSAs 
can  check  in  business  travelers  as  soon  as  they  get  out  of  their  cars,  or  check  out  departing 
vacationers  as  they  step  off  the  elevator.  “We  don’t  want  to  force  people  to  walk  to  the  main 
lobby,”  says  Thomas  B.  Spitler,  vice  president  of  front  office  operations  and  systems  at  Hilton 
Hotels.  “We’ve  even  checked  in  groups  on  the  beach  in  Hawaii.” 
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BECAUSE  HYBRID  IS 
ACTUALLY  NOT  A  SOLUTION. 

(EXCEPT  FOR  CARS.) 


Hybrid  is  as  hybrid  does.  And  when  it  comes  to  IP  Communications,  hybrid  doesn't  do  much  more  than  compromise.  Hybrid  doesn't 
do  seamless  failover.  Doesn't  do  scalability.  Doesn't  do  end-to-end  security.  Ditto  for  remote  upgrades.  So  if  it's  a  car,  go  hybrid.  But 
if  it's  a  networking  and  communications  strategy  you're  driving,  make  sure  you  drive  the  integrated,  secure,  end-to-end  solution: 
To  learn  more  about  Cisco  IP  Communications  solutions  or  to  find  a  service  provider  that  offers  these  managed  services  over  a 
Cisco  Powered  Network,  visit  cisco.com/domore  COMMUNICATION.  THE  NEW  FASHIONED  WAY.  CISCO  IP  COMMUNICATIONS. 
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CO  M  P  E  TIT  I  0  N 


We’re  looking 
for  winners. 

Fortoo  long  now,  the  name  of  the  game  has  been  survival.  Cut  your  budget. 
Slash  your  staff.  Do  more  with  less,  or  just  do  less.  Postpone  it,  reduce  it  or 
outsource  it.  Think  small. 

But  thinking  small  is  for  losers. 

This  year  we’re  celebrating  boldness. 

We’re  looking  for  organizations  and  leaders  playing  to  win,  not  just 
survive,  despite  business  conditions  that  continue  to  be  difficult 
and  restrictive. 

Boldness  requires  the  vision  to  see  where  your  business  could  go, 
where  IT  could  lead  it  and  then  investing— money,  time,  people  and 
brainpower— to  make  that  happen.  It  means  finding  new  ways  for  tech¬ 
nology  to  make  the  enterprise  more  profitable.  It  means  going  after 
new  customers,  in  new  markets,  with  IT  helping  to  create  new  products 
and  systems  in  that  pursuit.  Bold  companies  look  for  imaginative  ways 
to  organize  their  resources,  their  staff  and  their  governance  to  enhance 
their  future  competitiveness. 


Boldness  means  embracing  significant  risk  for  the  sake  of  great 
reward. 


If  you  can  show  measurable  results  of  how  IT  has  enabled  and  led  bold 
initiatives  in  your  organization,  then  our  readers— your  peers— want  to 
know  about  you. 


CIO  100  honorees  will  be 
honored  at  the  annual  CIO  100 
Symposium  &  Awards  Cere¬ 
mony  Aug.  21-23,  2005,  at  the 
Hotel  del  Coronado,  California. 
Honorees— and  their  bold 
ideas— will  also  be  featured  in 
the  Aug.  15,  2005,  issue  of  CIO. 

Learn  more  about  the  CIO  100 
and  get  an  application  on  our 
website.  Applications  available 
online  at  www.CIO.com/ciolOO, 


Presented  by 

icia 
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Information  Executives 


CALL  FOR  ENTRI 


18th  ANNUAL  AWARDS 


Be  recognized  as  one  of  the  Bold  100. 

Apply  now  for  the  18th  Annual  CIO  100  Awards. 
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Two  years  of  piloting  has  convinced 
Hilton  executives  of  the  value  of  wearable 
computers— small  tablet  PCs  that  commu¬ 
nicate  wirelessly  with  the  Hilton  LAN.  At 
roughly  9.5  inches  by  8  inches,  the  Atigo  M 
from  Xybernaut  offers  a  bigger  screen  than 
a  PDA.  “That  additional  real  estate  allows 
us  to  give  GSAs  floating  in  the  lobby  access 
to  the  same  suite  of  tools  they’d  have  if  they 
were  behind  the  front  desk,”  says  Spitler. 
What’s  more,  employees  don’t  need  to  spend 
time  getting  trained  on  a  new  mobile  sys¬ 
tem;  they  just  use  a  stylus  to  access  a  virtual 
keyboard  onscreen. 

Agents  also  wear  a  tissue  box-sized 
Zebra  Cameo  PEP  printer  and  a  small 
magnetic  stripe  reader  on  a  belt  or  carry  it 
on  a  purselike  strap  over  their  shoulder.  At 


ROI  we  can  tie  back  to  operational  savings. 
It’s  more  about  creating  customer  loyalty, 
and  better  positioning  Hilton  as  a  technol¬ 
ogy  innovator.” 

2.  Satellite  in  a  Suitcase 

When  Hurricane  Charley  slammed  into  the 
Gulf  Coast  of  Florida  on  Friday  the  13th  last 
August,  hundreds  of  Hardee  County  resi¬ 
dents  lost  their  homes,  and  thousands  lost 
power  and  phone  service.  For  Don  Sargin- 
son,  deputy  sheriff  in  the  Hillsborough 
County  Sheriff’s  Office,  getting  called  in  to 
help  “was  like  going  back  in  time  50  years.” 
Deprived  of  phone  service  and  Internet  con¬ 
nectivity,  law  enforcement  agents  had  to  fall 
back  on  using  runners  or  spotty  two-way 
radio  service. 


!  “This  technology  is  more  about 
creating  customer  loyalty’’  than  ROI. 

Robert  Machen,  Hilton  VP  of  corporate  systems 


check-in,  they  use  the  device  to  swipe  cus¬ 
tomer  credit  cards  and  encode  room  keys  as 
well  as  to  print  arrival,  deposit  and  room 
number  confirmations.  At  checkout,  agents 
use  the  devices  to  quickly  generate  item¬ 
ized  folios.  Because  the  printers  are  wire¬ 
less  Bluetooth-based,  they  don’t  need  cords 
to  link  them  to  the  Xybernaut  tablet  PCs. 
Although  an  earlier  version  of  the  Xyber¬ 
naut  tablet  required  agents  to  tote  an  external 
battery  pack,  the  current  version  runs  on 
hot-swappable  batteries  that  GSAs  can 
replace  on  breaks  without  having  to  power 
down  their  applications. 

Currently,  seven  of  the  more  than  350 
hotels  that  Hilton  owns  or  manages  use 
Xybernaut  tools,  with  the  cost  to  outfit  one 
GSA  being  “south  of  $5,000,  including  sup¬ 
porting  technology,”  says  Robert  Machen, 
vice  president  of  corporate  systems.  Hilton 
also  has  plans  to  expand  the  program, 
despite  a  lack  of  hard  ROI  numbers. 
“Quick,  efficient  check-in  is  an  extremely 
important  metric,”  says  Machen.  “But  this 
technology  is  not  about  trying  to  create  an 


The  following  night,  Sarginson  met  with 
Matt  Riley  of  Freedom4 Wireless,  a  company 
that  provides  emergency  first-response 
products  and  services.  Together,  they  iden¬ 
tified  areas  of  the  county  for  which  restoring 
data  communications  was  critical.  The  next 
morning,  it  took  Freedom4Wireless  all  of 
10  minutes  to  set  up  Tachyon  Networks’ 
Quick  Deploy  to  provide  data  connectivity 
via  satellite  across  a  60-square-mile  net¬ 
work.  (Quick  Deploy— which  includes  a 
satellite  dish,  an  IP-based  router,  a  transpon¬ 
der  and  a  receiver— communicates  with 
satellites  on  which  Tachyon  rents  space.) 
Within  minutes,  first  responders  could  use 
the  ad  hoc  network  to  access  law  enforce¬ 
ment  applications  over  the  Internet,  view 
images  from  video  surveillance  cameras  in 
emergency  relief  distribution  centers  and 
track  the  location  of  fire  trucks. 

Unfortunately,  the  storm  worsened  just 
as  curfew  for  everyone  but  first  responders 
arrived  on  Sunday  night.  Worried  that  the 
Tachyon  equipment  was  in  danger  of  dam¬ 
age  from  lightning,  the  Freedom4Wireless 
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workers  stowed  the  gear,  shutting  down  the 
network.  Within  five  minutes,  Sarginson 
and  sheriffs  from  other  neighboring  coun¬ 
ties  wanted  to  know  what  had  happened  to 
their  network.  Five  minutes  after  that,  Free- 
dom4Wireless  reversed  its  decision  and 
turned  the  Tachyon  system  back  on  and 
restored  communications. 

Tachyon  also  offers  Auto  Deploy,  its 
“satellite  in  a  suitcase.”  Starting  at  about 
$18,000,  Auto  Deploy  lets  users  press  a  sin¬ 
gle  button  to  automatically  point  the  unit’s 
antenna  at  a  satellite,  providing  Internet 
access  with  Tl-like  performance.  Tachyon 
clients  rely  on  Auto  Deploy  for  disaster 
recovery  and  backup,  instead  of  investing  in 
a  redundant  T1  line.  A  large  power  company, 
for  example,  uses  Auto  Deploy  to  provide 


high-speed  connectivity  to  corporate  data¬ 
bases  during  planned— and  emergency- 
maintenance  and  repairs  at  its  plants. 
Although  satellite  in  a  suitcase  is  small  by 
satellite  standards,  plan  on  a  hefty  tip  for 
the  bellhop.  This  suitcase  weighs  a  whop¬ 
ping  260  pounds. 

3.  Magic  Dust 

At  Edison’s  Nuclear  Generating  Station  in 
San  Onofre,  Calif.,  each  time  one  of  the  large, 
’70s-era  motors  fails,  the  plant’s  power  out¬ 
put  drops  between  20  percent  and  25  per¬ 
cent  for  the  three  days  it  takes  to  fix  or 
replace  the  equipment.  The  company  then 
must  spend  as  much  as  $400,000  to  buy 
replacement  power  at  emergency  rates  to 
meet  customers’  energy  demands.  Until  now, 
engineers  checked  the  motors’  temperature 
monthly,  hoping  to  predict  which  motors 
were  about  to  fail  so  that  they  could  pre¬ 
emptively  rebuild  or  replace  them  during 
scheduled  maintenance  periods.  Monthly 
manual  readings,  however,  don’t  provide 
enough  trend  information  to  be  particularly 
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useful.  “We  did  monthly  readings  and  we 
missed  a  lot  of  things,”  says  Lloyd  Pente¬ 
cost,  maintenance  engineer  at  the  San 
Onofre  plant.  After  two  motors  failed,  it 
became  clear  that  monthly  monitoring  was 
insufficient.  “We  increased  to  weekly  read¬ 
ings,  and  it  made  no  difference,”  he  says, 
since  readings  can  vary  based  on  the  time  of 
day  or  outside  temperature.  Then  Pentecost 
installed  Wi-Fi-based  sensors  on  eight 
motors  to  collect  real-time  trend  data.  “Once 
you  get  real-time  data,  the  problem  jumps 
out  at  you,”  he  says.  But  Wi-Fi  is  expensive 
and  poses  a  potential  security  risk.  So  Pen¬ 
tecost  decided  to  try  out  wireless  mesh  net¬ 
worked  sensors. 

With  wireless  mesh  networking,  small, 
low-power  communications  nodes  function 


as  routers,  talking  amongst  themselves  in 
order  to  monitor  and  control  applications 
without  the  hassles— and  often  prohibi¬ 
tively  high  installation  costs— of  a  wired  or 
typical  Wi-Fi  network.  Dust  Networks’ 
SmartMesh,  for  example,  has  nodes  (or 
“motes”  as  the  company  calls  them)  that 
wake  up  as  needed  and  digitize  data  from 
attached  sensors,  then  send  that  data  in 
packets  through  an  onboard  radio  to  neigh¬ 
boring  nodes.  The  data  travels  from  node  to 
node  until  it  reaches  a  line-powered  node, 
which  aggregates  the  data  packets,  collects 
statistics  and  publishes  data  to  a  wired  net¬ 
work  where  it  can  be  accessed  by  enterprise 
applications.  Alternatively,  nodes  can  send 
their  data  directly  to  monitoring  and  control 
systems.  The  nodes  can  be  hooked  up  to 
actuators  as  well  as  sensors,  so  in  addition 
to  collecting  data  (such  as  temperature  or 
humidity  readings),  they  can  also  give  com¬ 
mands  (to  activate,  say,  a  fan  if  temperatures 
increase  above  a  certain  level)— all  without 
any  additional  wiring. 

Dust’s  SmartMesh  nodes  are  self- 


By  2006, 

the  market 
for  wireless 
sensors 
could  reach 

$652 M. 

Source:  InStat/MDR 


configuring,  requiring  no  site  survey  and 
no  radio  frequency  knowledge.  If  a  sensor 
goes  out  or  is  obstructed,  the  other  sensors 
will  automatically  reroute  their  data,  thus 
forming  a  “self-healing”  network.  Because 
the  nodes  turn  on  only  periodically  to  cap¬ 
ture  a  reading  and  relay  information,  they 
need  minimal  power,  operating  three  to 
five  years  on  two  AA  batteries. 

Although  this  new  technology  shows 
great  promise  for  building  automation, 
industrial  monitoring  and  security  appli¬ 
cations,  most  early  adopters  are  still  in  the 
pilot  stage.  Pentecost  tested  four  nodes 
from  another  “mesh  sensor”  vendor,  Sensi- 
cast,  in  the  fall  and  was  pleased  with 
their  performance  (they  can  transmit 
through  walls  and  even  relay  to  other  nodes 
a  couple  buildings  away).  In  January,  he 
plans  to  pilot  a  16-node  Sensicast  mesh 
network  to  monitor  16  additional  motors  at 
the  plant.  And  he’s  confident  that  wireless 
mesh  will  pay  off.  “We  could  put  a  Wi-Fi 
transmitter  on  each  motor,  but  you’ve  got 
to  run  a  conduit  to  it,  and  that  drives  cost 
out  of  this  world,”  he  says.  He  expects  to 
pay  $500  per  Sensicast  node,  plus  another 
$500  each  for  installation  to  cover  the 
paperwork  and  analysis  that  must  precede 
any  change  in  a  nuclear  power  plant. 
(According  to  Sensicast,  the  price  for 
building  control  applications,  which  have 
less  severe  packaging  and  environmental 


Wireless  mesh  nodes  function  as 
routers,  monitoring  applications 
without  the  hassle  of  a  wired  network. 
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What  if  your  assets  had  appreciating  value  instead  of  depreciating  value? 


With  the  Maximo®  Enterprise  Suite,  you  not  only  see  the  performance  of  all  your  assets  across  your  enterprise,  but  also 
the  untapped  potential  within  them.  So  you  can  make  every  stage  of  every  asset  life  cycle  more  valuable.  And  gain  the 
information  and  the  control  you  need  to  more  closely  align  your  assets  with  your  business  strategies.  To  learn  more 
about  our  Strategic  Asset  and  Service  Management  solutions,  visit  maximoenterprise.com/cio  or  call  800-326-5765. 

COUNTED  CONTROLLED  MAXIMIZED 

©2005.  MRO  Software,  Inc.  All  rights  reserved.  Maximo  is  a  registered  trademark  and  MRO  Software  is  a  trademark  of  MRO  Software,  Inc 
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requirements  than  industrial  applica¬ 
tions,  is  $250  to  $350  per  node.)  But 
given  the  value  of  having  near  real-time 
data,  Pentecost  sees  the  investment  as 
more  efficient  than  spending  $2,000  a 
month  on  manual  inspections.  “If  we 
have  data,  we  won’t  be  flying  in  the  dark,” 
he  says. 

At  Supervalu,  a  grocery  store  operator 
and  distributor  based  in  Eden  Prairie, 
Minn.,  efficient  use  of  energy  is  critical 
to  the  bottom  line,  given  the  amount  of 
refrigeration  and  lighting  in  your  aver¬ 
age  supermarket.  But  today,  only  about 
20  percent  of  Supervalu’s  261  grocery 
stores  have  energy  meters,  and  of  those, 
approximately  one-third  have  submeters 
that  can  pinpoint  the  energy  usage  of  spe¬ 
cific  pieces  of  equipment  such  as  refriger¬ 
ation  racks  and  condensers.  It  would  be 
far  too  expensive  to  hard-wire  meters  in 
every  store,  so  to  combat  energy  waste, 
Dan  Bertocchini,  corporate  director  of 
energy  management,  has  been  testing  a 
Dust  SmartMesh  network  of  approxi¬ 
mately  19  motes  to  monitor  power  usage 
by  individual  pieces  of  equipment  in  a  gro¬ 
cery  store  in  Minneapolis. 

Bertocchini  figures  that  he  can  save  as 
much  as  80  percent  of  the  cost  to  install 
sensors  by  going  wireless.  Although  he 
probably  won’t  invest  in  wireless  sensors 
for  every  store,  he’s  considering  expand¬ 
ing  the  wireless  capability  to  multiple 
sites.  “I’m  thinking  it  may  be  easy  to  relo¬ 
cate  a  mote  to  a  different  building,”  he 
says.  “And  we  can  work  our  way  through 
the  stores.” 

Picking  up  and  relocating  motes— were 
they  actually  mote-sized— might  prove 
tedious  and  cause  eyestrain  of  course.  So 
while  current  Dust  nodes  can  be  as  small 
as  bottle  caps,  buyers  are  requesting  some¬ 
thing  a  bit  more  manually  manageable- 
units  about  the  size  of  two  decks  of  cards 
and  easily  attached  using  standard  screw¬ 
drivers.  There  is,  it  seems,  such  a  thing  as 
too  small. 


Senior  Editor  Alice  Dragoon  can  be  reached  at 
adragoon@cio.com. 
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Cleaning  with  Green  Tea 


THE  ENVIRONMENT  |  Your  average 
computer  is  a  toxic  rat's  nest  of  earth- 
unfriendly  materials,  from  the  chemicals 
used  in  its  production  to  the  soon-to-be 
obsolete  parts  that  will  lie  in  landfills  from 
here  to  eternity.  But  some  companies  and 
researchers  are  looking  for  ways  to  reduce 
the  polluting  overhead  of  digital  tech. 

Scientists  at  Ventana  Research,  Pace 
Technologies  and  the  University  of  Arizona, 
for  instance,  last  spring  discovered  a  new 
use  for  green  tea  that  could  ultimately  lead 
to  hard  drives  that  are  far  less  toxic  than 
those  currently  produced.  The  tea  is  used  in 
a  slurry  for  polishing  the  read-write  heads  of 
drives— a  process  that  currently  requires 
toxic,  nonbiodegradeable  compounds  that 
are  dangerous  and  require  expensive  dis¬ 
posal  procedures.  The  scientists  also  claim 
that  the  brew  actually  works  better  than 
existing  methods.  “One  customer  has  been 
purchasing  pilot  plant  quantities  from  us 
and  has  already  polished  some  10,000 
read-write  heads  with  this  fluid,”  says  John 
Lombardi,  president  of  Ventana  Research 
and  the  lead  scientist  on  the  project. 


That  is,  of  course,  the  best-case  scenario, 
when  an  eco-friendly  technology  proves 
more  effective  than  what  it  replaces.  In 
some  cases,  however,  there’s  a  price  to  pay 
for  going  green— often,  it’s  literally  a  price. 

Pioneer,  for  instance,  last  fall  announced 
Blu-ray  discs  made  largely  from  cornstarch 
(Blu-ray  offers  a  storage  capacity  of  around 
25GB).  Unlike  those  made  from  more  typi¬ 
cal  polymers,  the  cornstarch  discs  biode¬ 
grade  fairly  rapidly  (in  less  than  100  years). 
And  if  burned,  the  discs  wouldn’t  produce 
any  toxic  chemicals.  Unfortunately,  the 
discs  (such  as  the  corn-based  Sanyo  “Mild- 
Disc”  CD-ROMs)  are  pricier  than  their  plain 
plastic  competition.  Sanyo  says  its  discs 
currently  cost  about  three  times  as  much 
as  normal  polymer  discs,  but  it  hopes  to 
reduce  the  cost  to  nearly  the  same  as  other 
technologies  over  time. 

Discs  are  not  the  only  corny  PC  option, 
either.  NEC  Japan  announced  last  fall  that 
it  planned  to  make  the  cases  for  10  per¬ 
cent  of  its  laptop  line  out  of  corn-based, 
biodegradeable  materials  by  the  year  2010. 

-Christopher  Lindquist 
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CSO  Perspectives 

Conference 


“CSO  Perspectives  provides 
security  executives  with  a 
well  planned  event  that 
assembles  visionaries, 
leaders  and  technical 
experts  delivering  thought 
and  information  that  will 
drive  the  landscape  of 
security  in  the  market.” 


Michael  Assante 

CSO 

t  American  Electric  Power 


April  10-12,  2005 

Hyatt  Regency  Huntington  Beach 
Huntington  Beach,  CA 


Balancing  the  Art  &  Science  of  Security 


Today's  security  executives  are  required  to 
perform  difficult  and  constant  balancing  acts 
between  the  art  and  science  of  security,  con¬ 
tinuously  weighed  against  the  needs  of  the 
business.  Getting  the  “science”  part  of  the 
equation  right  is  the  easier  part.  The  tech¬ 
nologies  are  known  entities,  and  better  ones 
continue  to  evolve.  There  are  quantitative 
measurements  around  such  issues  as  intru¬ 
sion  detection,  forensics  and  regulatory 
compliance,  along  with  more  mature 
attempts  to  quantify  the  ROI  of  security. 

It’s  the  “art”  of  security  that's  the  harder 
part— the  art  of  diplomacy,  of  persuasion, 
of  getting  into  and  understanding  other 
mindsets.  It’s  everything  from  establishing 


security  procedures  everyone  will  actually 
follow.  It’s  fostering  positive  relations  with 
senior  executives  and  the  board  of  directors. 
It’s  getting  the  staff  to  think  like  a  hacker  or 
terrorist  to  get  ahead  of  potential  threats. 

We’ll  examine  this  complex  balancing  act  by 
looking  at  what  the  top  practitioners  are 
thinking  and  doing,  and  by  listening  to  what 
leading  security  and  privacy  experts  think 
will  affect  the  landscape  of  the  future. 

For  more  information 

call  800.366.0246  or  visit 
www.csoonline.com/conferences 
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Looking  Out; 
Looking  In 

Outsource  what  makes  sense,  but  create 
some  new  internal  opportunities  for  yourself 


As  you 
outsource  in 
some  domains, 
you  can  actually 
insource  new 
territory. 


BY  ERIC  KNORR 


CHANGING  TECH  |  This  is  the  age  of 
outsourcing.  The  reason  behind  the  trend  is 
simple:  The  financial  crystal  balls  at  most 
companies  are  still  cloudy,  which  puts  a 
damper  on  capital  expenses. 

As  you  stare  at  your  list  of  backlogged 
projects,  the  practical  appeal  of  outsourc¬ 
ing  is  undeniable,  since  it’s  an  operating 
expense.  But  strategic  insourcing  is  also  a 
viable  option— one  where  you  may  be  able 
to  do  more  than  shore  up  your  defenses  and 
actually  gain  new  ground.  It’s  all  about  bal¬ 
ancing  the  outside  with  the  inside. 

Selective  Sourcing 

First,  get  a  good  handle  on  your  outsourcing. 
I’m  always  perplexed  when  people  equate  it 
with  offshoring  and  the  exploitation  of 
cheap  programming  talent.  Application 
development  should  be  one  of  the  last  things 
you  farm  out,  particularly  to  places  where 
intellectual  property  is  hard  to  protect, 
because  that  code  often  contains  unique 
business  value.  If  it  doesn’t,  you  should  prob¬ 
ably  just  license  commodity  software— or 
avoid  licensing  costs  altogether  by  opting 
for  a  hosted  solution. 

Yes,  I  mean  services  like  Salesforce.com, 
but  that’s  only  the  most  obvious  example. 
How  about  e-mail?  I  still  hear  plenty  about 
the  pain  of  managing  and  scaling  mail 
servers.  A  good  specialized  e-mail  hosting 
service  such  as  Zantaz’s  Hosted  Exchange 


Archive  Solution  can  take  that  off  your  plate. 

Application  monitoring  is  another  good 
prospect.  Mercury  Interactive  says  that  half  of 
its  monitoring  customers  opt  for  a  hosted 
solution.  It  makes  sense,  since  Mercury  prob¬ 
ably  has  a  lot  more  experience  poring  over 
those  logs  than  your  staff  ever  will. 

Then  there’s  content  management.  Crown- 
Peak,  Clickability  and  iUpload  all  offer  capa¬ 
ble  hosted  solutions.  Grand  Central  even 
purports  to  integrate  hosted  applications 
before  they  touch  your  enterprise. 

People  also  talk  about  using  managed 
security  providers,  but  outside  of  VPNs,  I 
find  that  idea  dicier.  There’s  security  trend- 
known  as  security  event  management  or 
security  information  management— that  pro¬ 
vides  a  consolidated  view  of  the  “threatscape” 
by  capturing  and  filtering  security  events 
from  devices  and  software  all  over  the  enter¬ 
prise.  I  have  yet  to  see  a  managed  service  in 
this  space  that  provides  as  comprehensive  a 
view  as,  say,  an  in-house  implementation 
from  ArcSight  or  NetForensics. 

So  there’s  no  such  thing  as  a  totally  out¬ 
sourced  enterprise  IT  department  yet.  In  fact, 
although  IT  is  shrinking  in  some  respects, 
it’s  also  expanding  into  new  areas.  So  as  you 
outsource  in  some  domains,  you  can  actually 
insource  new  territory. 

VoIP  is  the  most  obvious  example  of  a 
new  frontier  of  inner  space.  Under  the  right 
conditions— a  highly  distributed  workforce, 


a  call  center  hobbled  by  old  equipment- 
putting  the  phone  system  on  the  enterprise 
data  network  can  wow  the  business  side 
with  immediate  payback. 

Just  remember  to  resist  with  all  your 
might  when  someone  inevitably  suggests 
that  VoIP  get  its  own  dedicated  network  to 
ensure  quality  of  service.  Instead,  use  VoIP 
as  the  perfect  excuse  to  upgrade  your  net¬ 
work  to  gigabit  Ethernet.  Along  with  enjoy¬ 
ing  a  nice  bandwidth  boost,  your  control 
over  phone  service— a  whole  new  domain- 
will  make  the  IT  department  even  more 
indispensable  (though  your  power  grab 
may  be  enjoyed  less  by  your  current  tele¬ 
com  people). 

Electric  Company 

Big  IT  operations  might  consider  pushing 
the  envelope  even  further,  all  the  way  to  elec¬ 
tric  power.  Some  IT  organizations  have 
gotten  into  enterprisewide  power  manage¬ 
ment  with  constant  voltage  transformers 
and  fuel  cells  for  backup.  Heck,  you  might 
even  consider  the  data  center  as  a  heat 
source  for  an  HVAC  system.  It’s  been  done. 
Remember,  your  budget  may  be  con¬ 
strained,  but  if  you  think  creatively  and  grab 
a  new  area  outside  of  conventional  IT,  that’s 
new  money. 


Eric  Knorr  is  executive  editor  at  large  for  Infoworld. 
He  can  be  reached  at  eknorr@pacbell.net. 
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Middleware  is  Everywhere 


S. 


IBM  EXPRESS  MIDDLEWARE™  IS  SOFTWARE 

Software  like  WebSphere®  Express  that’s  designed 
to  help  mid-sized  businesses  connect  their  processes 
to  meet  business  goals.  On  demand.  Designed  to  work 
with  the  IT  systems  you  have.  Designed  to  be  installed 
quickly  and  easily,  with  prices  starting  at  $600t  Ask  your 
Business  Partner  about  it  -  or  you  might  miss  the  boat. 


1.  Crates  of  patio  furniture  scanned. 

2.  Quantities  verified  on  secure  database. 

3.  Timetables  confirmed  online. 

4.  Inventory  added  to  order  automatically. 
5.1,200  plastic  chairs  en  route  to  Key  West 


Ask  your  Business  Partner  or  learn  more  about  us  at  ibm.com/middleware/express  23 


DEMAND  EXPRESS  PORTFOLIO 

BUILT  FOR  MID-SIZED  BUSINESS. 


ire,  and  Express  Portfolio  are  registered  trademarks  or  trademarks  of  International 
!S.:  Based  on  IBM  pricing  for  U.S.  only,  including  software  maintenance  and  technical 
esS  Partner  prices  may  vary.  ©2004  IBM  Corporation.  All  rights.reserved. 


IBM,  the  IBM  logo,  WebSphere,  the  On  Demand  logo,  Expre: 


Business  Machines  Corporation  in  the  United  States  and/or  oti 
support.  Check  with  your  local  IBM  representative  for  actual  pri 
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CIO  Perspectives  on  Enterprise  Value  & 
CIO  Enterprise  Value  Awards' Ceremony 

February  6-8, 2005  •  Harbor  Beach  Marriott  Resort  &  Spa  ■  Ft.  Lauderdale,  FL 


800.355.0246  or  www.cio.com/conferences 


I  I  Because  you  still  need 
to  demonstrate  the 
value  of  IT. 

We  offer  a  wealth  of 
different  perspectives, 
to  give  you  more  ways 
of  looking  at  value: 

The  Value  Proposition 
Tom  Davenport, 
Conference  Moderator, 
Professor  &  Director  of 
Research,  Executive  Education, 
Babson  College 

Why  is  it  still  so  hard  to  define  and 
demonstrate  the  strategic  value  of  IT 
to  the  enterprise?  Davenport,  noted 
consultant,  author  and  educator, 
kicks  off  the  conference  with  his 
insights  on  IT  value:  everyone  from 
the  business  unit  heads  to  the  chair¬ 
man  ofthe  board  isdemandingfull 
value  for  the  organization’s  IT  invest¬ 
ments.  How  do  you  agree  on  just 
what  the  value  will  be?  Howwill  it  be 
measured?  How  do  you  best  com¬ 
municate  itto  your  constituents? 

Business/IT  Case 
Study  &  Workgroups 
Robert  Austin, 
Associate  Professor  & 
Chair  of  the  Executive  CIO 
Program,  Harvard  Business  School 

Austin  leads  us  through  a  case  cho¬ 
sen  for  its  emphasis  on  the  strategic 
value  of  IT  to  the  subject  enterprise. 
We  then  divide  into  small  working 
groups,  and  are  tasked  with  coming 
up  with  a  set  of  recommended 
actions  and  solutions  for  the  subject 
enterprise's  CIO.  Select  working 
groups  will  report  theirfindings  back 
to  the  assembly  at  large. 


View  From  the  Top: 

A  Perspective  on  IT 
Enterprise  Value 
William  J.  Shaw, 
President  &  COO,  Marriott 
International,  Inc. 

How  do  CEOs  and  other  senior 
management  think  about  the  role  of 
IT,  and  about  the  ability  ofthe  CIO  to 
articulate  and  deliver  true  value  to 
the  enterprise?  What  criteria  do  they 
use  for  measuring  the  CIO’s  success 
or  failure?  Has  the  view  changed 
over  time— and  for  better  or  worse? 
What  were  the  major  influences  in 
changingthose  views?  We  listen 
as  a  top  executive  from  one  of  the 
Enterprise  Value  Award-winning 
companies  gives  us  his  "view  from 
the  top.’’ 


Conversations  with  This 
Year’s  CIO  Enterprise 
Value  Award  Winners 

l 

They’re  first  scrutinized  by  CIO 
editors,  Review  Board  members,  and 
our  judging  panel  of  top-notch  CIOs. 
Meet  with  the  stars  of  this  year’s  win¬ 
ning  organizations,  who  understand 
the  uphill  battle  IT  continues  to  face. 
It’s  your  chance  to  discuss  their  par¬ 
ticular  case  in  more  detail  and  take 
away  lessons  you  can  apply  to  your 
own  organization  back  home. 

,,,The  New  Imperative  for  Growth 
Many  businesses  have  maxed 
out  on  improving  productivity, 
increasing  efficiency  and 
decreasing  costs  as  a  way  to  affect 
the  bottom  line— and  it's  still  not 
enough.  The  new  imperative  is  for 
growth,  whether  organically  or  by 

Sponsored  by 
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acquisition.  The  role  of  the  CIO  in 
a  company's  growth  depends  on 
the  type  of  move  the  company  is 
making.  Are  you  shoring  up  exist¬ 
ing  business  by  strengthening  cus¬ 
tomer  ties?  Entering  new  markets? 
Acquiring  and  integrating  new 
businesses?  In  any  and  all  of  these 
cases,  IT  is  key.  Our  panel  of  sen¬ 
ior  IT  and  business  executives  con¬ 
siders  how  to  fuel  innovation  and 
enable  growth  in  a  business  envi¬ 
ronment  where  resources  are  still 
constrained. 

Extending  IT's  Reach 
Outside  the  Organization 
Several  of  this  year's  CIO 
Enterprise  Value  Award  Winners 
embody  a  growing  trend:  extend¬ 
ing  IT's  reach  further  outside  the 
enterprise,  into  deeper  relation¬ 
ships  with  supply  chains  and  cus¬ 
tomers  of  all  types.  Our  panelists 
share  what  they’re  doing,  how  they 
make  it  work  (including  how  they 
safeguard  critical  company  data), 
and  what  the  payoff  is  in  real 
terms  (hint:  it's  impressive!). 

Mission-based  Value 
Our  definition  of  Enterprise  Value 
has  expanded  over  the  years,  but 
whatever  your  value  proposition, 
you  need  to  be  able  to  identify  it, 
build  it  and  measure  it.  While 
non-profit  organizations  certainly 
think  about  and  manage  their 
costs  as  tightly  as  any  business, 
they  think  about  value  not  in  terms 
of  profit  but  rather  in  terms  of  their 
enterprise's  core  mission.  Even  if 
your  organization's  value  doesn't 
come  from  drastically  altering  the 
quality  of  care  or  saving  lives,  you 
can  learn  how  to  think  about 
different  types  of  value  in  a  whole 
new  way. 


Additional  Speakers: 

Tony  Affuso,  Chairman, 

CEO  &  President,  UGS 

Chris  Baumann,  Manager, 
Transportation  &  Specialty 
Business,  Global  Systems  & 
Services,  ConocoPhillips 

Douglas  Caddell,  C/O, 

Foley  &  Lardner 

Kyle  Heath,  CMO,  Foley  &  Lardner 

John  Heller,  Vice  President  &  CIO, 
Caterpillar  Inc. 

Joe  McPherson,  Director,  Clinical 
Research  Informatics,  St.  Jude 
Children’s  Research  Hospital 

Gary  Rossman,  Director,  Office 
of  Information  Management, 
Department  of  Public  Welfare, 
Commonwealth  of  Pennsylvania 

Xan  Salgado,  Director,  IT,  Inditex 
Group/Zara 

Robert  Sloan,  AT&T  e  Sales  &  Ser¬ 
vice  Vice  President,  AT&T 

Ray  Thomas,  CEO,  Small  Business 
Unit,  Zurich  North  America 

Carl  Wilson,  Executive  Vice  Presi¬ 
dent  &  CIO,  Marriott  International, 
Inc. 

Plus 

Sunday  Night: 

The  Super  Bowl 
Networking  Party 

Tuesday  Night: 

The  Gala  CIO  Enterprise 
Value  Awards  Ceremony  & 
Dinner 


C4I 

Computer  Aid,  Inc.m 


This  year's  CIO  Enterprise 
Value  Awards  are  proudly 
underwritten  by 

V 

tJ 

UGS 

The  PLM  Company 
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summaries 


Jeffrey  Schwarz,  top  IT  officer  at  law 
firm  McDermott,  Will  &  Emery,  has 
had  e-mail  management  pushed  to 
the  top  of  his  agenda. 

50  E-MAIL:  MESSAGE 
THERAPY 

E-MAIL  HAS  BECOME  a  de  facto 
record  repository,  creating  a  storage 
and  recovery  burden  that  e-mail  sys¬ 
tems  as  we  know  them  simply  can’t 
handle.  The  number  of  e-mails  sent 
each  day  will  hit  36.2  billion  in  2006, 
with  as  much  as  75  percent  of  compa¬ 
nies’  intellectual  property  contained  in 
the  messages  and  attachments.  Almost 
every  new  regulation  requires  compa¬ 
nies  to  save  these  messages  for  years, 
and  to  be  able  to  find  and  retrieve  them 
within  36  to  72  hours.  Companies  have 
been  fined  as  much  as  $8.25  million  for 
failure  to  retain  or  expeditiously  turn 
over  e-mails  to  SEC  investigators.  To 
avoid  such  costly  consequences,  CIOs 
need  a  new  approach  to  e-mail  man¬ 
agement  that  incorporates  storage, 
archiving,  indexing  and  policy  enforce¬ 
ment.  The  key  technologies,  relatively 
seamless  to  end  users,  are  now  coming 
of  age— and  consequently  coming 
down  in  price,  though  CIOs  can  expect 
the  overall  price  tag  to  run  upwards  of 
$500,000.  By  Ben  Worthen 


44  |  COVER  STORY 

RIDING  THE  CALIFORNIA  PRIVACY  WAVE 


BOMB 


*«j  he  California  state  legislature  has  enacted  more  than  a  dozen  laws  to  regulate  how 
organizations  that  collect  personal  information  on  California  residents  must  man¬ 
age  that  data.  And  more  are  on  the  way.  These  laws  affect  how  websites  collect 


personal  data,  how  databases  that  store  personal  information  are  to  be  governed,  how 
companies  share  data  with  third  parties,  how  and  when  RFID  tags  are  to  be  used,  how 
faxes  are  archived  and  how  cell  phones  are  managed.  As  many  as  80  percent  of  corporate 
websites’  privacy  policies  are  estimated  to  be  out  of  compliance  with  at  least  one  of  the 
California  laws.  Through  education,  developing  California-specific  policies  and  the  use  of 
encryption  technology,  CIOs  are  reducing  their  companies’  vulnerability  to  litigation 
based  on  these  laws.  By  Allan  Holmes 


62  |  OUTSOURCING:  INNOVATION  SHIPS  OUT 

OFFSHORE  OUTSOURCING  HAS  REACHED  the  highest  level  of  the  manufacturing  sup¬ 
ply  chain:  R&D.  As  much  as  89  percent  of  U.S.  branded  laptops  are  outsourced  today— not 
just  manufacturing,  but  product  design  and  refreshes  too.  Offshore  manufacturers  have 
well-trained  and  well-educated  engineers  available  at  a  fraction  of  the  price  of  their  U.S. 
counterparts.  But  some  economists  say  this  is  the  leading  edge  of  a  long-term  trend  toward 
reduced  innovation  and  (consequently)  competitiveness  among  U.S.  companies.  If  out¬ 
sourcing  is  truly  complete— from  design  right  on  down  to  shipping,  service  and  repair— 
U.S.  companies  could  drastically  cut  back  on  internal  IT  as  well,  relying  instead  on  the 
offshore  companies’  IT  systems  to  monitor  the  value  chain.  So  where  does  this  leave  U.S. 
CIOs?  Precisely  nowhere.  By  Christopher  Koch 


68  |  TRAINING:  DO-IT-YOURSELF  DEVELOPMENT 

FACED  WITH  REPLACING  ITS  LEGACY  SYSTEMS  with  Web-based  interfaces  in  time 
to  meet  the  FCC  deadline  for  wireless  number  portability,  Ntelos  knew  its  developers 
weren’t  skilled  for  the  job.  The  resource-strapped  midmarket  carrier  opted  for  internal 
training,  but  traditional  classroom  training  proved  ineffective.  Then,  Ntelos  tried  a  more 
progressive  approach:  learning  while  doing.  Developers  worked  side-by-side  with 
mentoring  consultants  on  the  live  project.  As  the  work  progressed,  the  developers 
improved  their  .Net  skills.  The  project  was  completed  on  time,  and,  in  the  final  analysis, 
it  proved  cheaper  to  have  in-house  programmers  do  the  work  rather  than  a  crew  of  con¬ 
sultants.  Not  coincidentally,  the  IT  staff’s  morale  improved  even  as  its  productivity  rose. 
By  Susannah  Patton 

74  |  ET:  SMALL  WONDERS 

BIGGER  ISN’T  ALWAYS  BETTER.  Under  the  right  circumstances,  new,  small  technolo¬ 
gies  can  provide  big  payoffs.  For  instance,  tiny  wearable  computers  allow  Hilton  hotel 
staff  to  check  guests  in  before  they  even  reach  the  lobby;  tiny  satellite  transceivers  help 
sheriffs  in  Florida  provide  emergency  services  during  hurricane  season;  and  palm-sized 
“motes”  inside  wireless  mesh  networks  promise  to  supply  real-time  feedback  on  every¬ 
thing  from  the  efficiency  of  supermarket  freezer  cases  to  giant  motors  inside  nuclear 
power  plants.  While  such  devices  are  mostly  used  in  pilot  programs  and  emergency 
situations  today,  all  these  tiny  technologies  show  promise  for  more  widespread  adoption 
in  the  future.  By  Alice  Dragoon 


88 


JANUARY  15,  2005  |  www.cio.com 


PHOTO  BY  BOB  STEFKO 


soiaris 


TEN  MOVES  AHEAD 


1.  LINUX  AND  SOLARIS™  OS 
APPLICATIONS  RUN  SIDE-BY-SIDE 

2.  CHOICE  OF  SYSTEMS - 
SPARC®,  AMD  OPTERON™,  INTEL 

3.  RUNS  ON  OVER  250  SYSTEMS  FROM 
OTHER  MANUFACTURERS 

4.  APPLICATIONS  RUN  UP  TO  30  TIMES  FASTER 

5.  MILITARY-GRADE  SECURITY, 

VIRUS-FREE  FOR  THE  LAST  20  YEARS 

6.  GUARANTEED  COMPATIBILITY* 
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Oracle  Grid 

turns  64  PC  servers 
into  a  giant  mainframe 


It's  fast. . . 
it's  cheap... 
and  it  never  breaks 


oracle.com/grid 
or  call  1.800.633.0753 


Note:  'Never  breaks'  indicates  that  when  a  server  goes  down,  your  system  keeps  on  running. 
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